When disaster hits your company, will you or your boss be left napping like Heathrow’s boss?

Make sure there’s a way to rouse critical staff when a genuine emergency happens.

https://www.bbc.co.uk/news/articles/c62n0y3nepzo

#cybersecurity

  • jaark@infosec.exchange
    1 month ago

    @gcluley@mastodon.green I read this the other way: organisations should have structures in place so that there are no single points of failure. That they were able to take such actions when the chief is unavailable is a strength more important than the ability to interrupt much-needed sleep.
    An overly tired chief is more likely to make poor decisions.

    • Graham Cluley@mastodon.green (OP)
      1 month ago

      @jaark@infosec.exchange I’m completely sympathetic with that point of view. One would like to think that teams are empowered, and delegation of responsibilities was in place.

      But it’s equally possible that the “ultimate crisis situation” (ie “we have to shut down the entire airport”) did have an agreed procedure, and that it was that Heathrow’s grande fromage had to be informed and give the green light, regardless of whether he was in his pyjamas or not.

      • Graham Cluley@mastodon.green (OP)
        1 month ago

        @jaark@infosec.exchange
        In the report, it says that Woldbye expressed “his deep regret at not being contactable during the night of the incident.”

        Well, he’s learnt the lesson now I guess.

        Put the crisis plan together - and then make sure you’ve considered the possible ways it could go wrong. Prevent what’s possible to prevent, and think of ways to handle the “what ifs” which might arise in those early hours of a serious incident.

        • jaark@infosec.exchange
          1 month ago

          @gcluley@mastodon.green I would say that the chief being asleep should (and is in this case) be just a PR ‘problem’. It’s fodder for overexcited newspaper headlines. Operationally it didn’t affect the response plan.
          DR plans must not assume that an individual can be contactable and there is no tech or process that can guarantee that a person is contactable. Many senior positions would have a deputy with the authority to act if the primary is unavailable.

  • ohulancutash@feddit.uk
    1 month ago

    Alternatively, it’s how he found out people find him useless. If he were in any way critical, the police would have been bashing his door down.