When it is the real cyber scenario, instead of a tabletop exercise, everything changes.
The clock is ticking, the business wants details faster than you can get them, and you're going though your incident response (IR) plan under extreme pressure.
One CISO on the Advisory Board of SecureWorld Seattle shared (and showed) how their resting heart rate jumped as soon as they discovered a cyber incident, only declining when things settled out:
So if the pressure of a cyber incident is so intense it impacts your health, this leads to a critical question: Do you have the right person in charge of your incident response?
Can they handle the pressure?
This came up during a recent interview I had with well-known cyber attorney Shawn Tuma after he presented at SecureWorld Dallas.
He says this is one of the overlooked details of IR—temperament—and it can make a huge impact on the success (or not) of your response to a hack or attack.
In his many years of helping clients through a cyber incident, both people who are too laid back and those who are too uptight and nervous hurt an organization's incident response.
You really need to find someone who is both decisive and even keeled, he says.
"When you have that kind of person, you give yourself your best chance of having a sensible, coordinated response that does the things you need to do in the time period you need to do them in."
Watch my interview with him for more details.
Do you agree that this emotional component to incident response is a real thing, and can the personality type of the person in charge of IR make a significant difference?