Yesterday I drove to work which isn't something that I typically do. I like my sanity too much (what little is left) to fight Atlanta traffic on a regular basis. I woke up late and missed the one bus that will get me to the office in a decent amount of time so I decided to work from home for a couple of hours and then drive in after rush hour was over. I had the same thought process for my commute home. Leave before rush hour and work remotely for a couple of hours. So I left early and went to my favorite coffee house and set up office for a while. I let my wife know that I was close by in case something happened and she needed me in an emergency.
Some would say that I was setting myself up for this but about an hour later my cell phone rang and it was her. "You've got to come home right now! Bella drank about 1/4 cup of Hydrogen Peroxide!" CLICK My phone went dead just as I was about to tell her to call Poison Control. So, I packed up quickly and hit the road. I called back to calm my wife down and to have her call Poison Control. When I arrived home my wife informed me that our youngest daughter may have also drank some of the peroxide also.
My wife was rushing around getting ready to take the girls to the doctor and getting upset with me because I wasn't panicking. I knew that peroxide could be dangerous to a child if enough was ingested but I also knew that it would cause them to throw up soon. So I convinced her to wait a while and see what happens. I also asked my daughters about how much they had actually drunk and called Poison Control myself to talk to them. It turns out that the oldest only had a "good swallow" and that the youngest just tasted it. The oldest did throw up and Poison Control told me not to worry.
That got me to thinking about how IS/IT teams often react to emergencies at work. Do they panic and rush into a plan that hasn't been thought out or do they take a deep breath and look at what is going on and try to learn the facts of what has happened and what their options are? If you don't have an incident response plan I can tell you that more than likely people are reacting instead of thinking. Even if you have an IR Plan if it hasn't been tested and the team isn't familiar with the plan and their role in the incident they will usually just do whatever comes to mind first. Sometimes that works well and sometimes not so much. You can't take that chance.
Security's Everyman
Wednesday, January 16, 2008
Reacting or Thinking
Posted by Andy, ITGuy at 7:36 AM
Labels: Andy ITGuy, incident response, information security
Subscribe to:
Post Comments (Atom)
1 comment:
Now, it was already on my to do list for PCI reasons, but this is the first post that gave me a legitimate wish to create an incident response plan for my one man IT operation. Nicely done.
Post a Comment