Incident Managers: Bringing Order to Chaos

In MOXFIVE’s experience, incident management is an essential component of incident response. When you have a leaking pipe or a malfunctioning outlet, you bring in a professional to execute the necessary repairs. When a tree falls on your house and you need help cleaning up and repairing the damage, you call a specialist contractor.  

They will assess the situation, develop a plan, and then bring in all the experts needed to execute. Once underway they will orchestrate each workstream to be done at the right time, coordinate the work of multiple teams executing in parallel, and ensure the fix is completed on time, within budget, and according to the specified scope.

Now let us imagine that the house represents your cyber environment and the tree that invaded your living room represents a security incident. MOXFIVE, a technical advisory firm focused on minimizing the business impact of cyber attacks, might be your first call.    

Why is incident management essential for incident response?  

We appoint an Incident Manager to every MOXFIVE engagement. Incident Managers organize all parties involved, enabling swift and efficient forward movement on initiatives, and take responsibility for the overall success of the project. This ensures that while everyone focuses on their roles - technical advisors providing strategic project direction and expertise, recovery teams working on restoration and collaborating on containment, forensics teams investigating activity and containing any further activity, and counsel providing legal guidance – the Incident Manager keeps the project moving forward. Most significantly, they enable organizations to focus on resuming business operations rather than managing incident response activities.  

The incident managers are an integral aspect of our process because they serve as the "glue" that binds the diverse partners of a response project together - establishing connections between teams and identifying critical path items to ensure that progress is made as efficiently as possible. Incident Managers understand the client’s incident landscape, ranging from outside counsel, MOXFIVE engineering teams, and the client’s various internal teams, and so know when and whom to involve in a given discussion. This enables the MOXFIVE team to become an extension of the client's team during this process.  

How precisely do incident managers aid with cyber incidents?

Incident managers create and cultivate order in the midst of chaos. Starting at the outset of the incident, they implement structures that enable effective collaboration, measurement, and expectations management. These early-stage activities pay dividends as the project progresses – lowering blood pressures by instilling the process with a level of professional confidence.

The list below captures some of the benefits that incident managers provide MOXFIVE clients.    ‍

Establish Information Flows & Instill Stakeholder Confidence

One of the first things Incident Managers do is establish a regular cadence of status calls and technical syncs with set agendas. They also ensure the appropriate audience has been included for each call, which can significantly enhance the actual and perceived efficiency of the meetings. They are also able guide teams through choosing the most efficient means of communicating – for example, accomplishing some objectives through asynchronous email updates while convening live discussions for other items.  

Incident Managers also specify when, and to whom, metrics, reports, and other updates are due. As Incident Managers deliver relevant updates consistently, stakeholders proactively receive the information they need, when they need it. Without this type of proactive communication, stakeholders tend to generate a flurry of ad-hoc requests, which can slow teams’ ability to move tasks forward.  

Proactively Coordinate Activities

A key part of effective incident response is coordination among multiple teams. For example, Incident Managers pan-project view of each team’s plans helps them to identify dependencies. This enables them to provide stakeholders with an accurate view of the critical path toward resuming business operations and keeps the project moving forward.  Incident Managers highlight and track progress against significant milestones. They set up, prioritize and maintain the tracking mechanisms that the recovery team depends on. One of the benefits of this coordination is helping to keep team members’ loaded with a steady flow of tasks, ensuring optimal utilization and efficiency across the project..  

Adaptive Risk Management

One of the most essential duties of an Incident Manager is to monitor the project's scope, budget, and schedule – adapting when necessary to keep everything moving. Having a broad understanding of the project’s workstreams and regular contact across teams enables Incident Managers to proactively identify risks, keeping stakeholders appraised of status and potential roadblocks. Incident Managers observe and report out on the recovery progress keeping everyone well informed. One benefit of Incident Managers being appointed to every project is comparison of the data collected on previous similar projects to help inform expectations for this incident.  

When the tree falls on your house, you have a real and figurative mess on your hands. By employing a contractor to oversee the overall project, the day-to-day operations, the required specialists for each phase, the budget, and insurance, you can focus on your urgent needs while the work is being performed. By having the right individual lead the project and letting the specialists do what they do best, you can concentrate on what you know best: your business.

If you have questions about Incident Managers, Incident Management as a platform or need help with a current incident, you can contact MOXFIVE at ask@moxfive.com or use our Contact form.

‍