Crisis Management (CM)

The CM Plan is a corporate level document defining (1) the various response teams,  escalation criteria and the overall response process that an enterprise will deploy in the event of a significant business disruption,  It is a business level plan focused on communication between the response teams and communication with external stakeholders (e.g. customers, key vendors, regulators, legal/government authorities).  Allaire recommends using an "all hazards" approach so that the CM plan serves as an umbrella document over all other corporate response plans including, ITDR Recovery Plans, InfoSec Incident Response Procedure, Business Continuity Plans

The TTX is conducted in a 2-3 hour setting in which the Crisis Management and response teams (InfoSec, ITDR, BC) are presented with a business disruption scenario.  The outage timeline can run over several days/weeks depending on the scenario and at various points along the timeline, managers are challenged with defining priorities and action items for the response teams.  Participants and/or teams are given specific information (injects) which they need to react to and report on exercising the communication strategies in the CM Plan.   The scenario can also require participants to simulate communication with external stakeholders such as regulators or customers.  The TTX can be targeted at senior management (the "C" suite), business managers or both.  Below is a short summary of CM TTX scenarios which can be combined:

• Information Security Event - Ransomware, Data Breach and/or Email Compromise  
• Data Center or Corporate Building Outage
• Key Vendor outage 
• Natural Disaster
• Application Outage
• Civil or Employee Disturbance

The TTX can be targeted to exercise the Crisis Management response organization or focused on exercising your BC and/or ITDR plans and strategies.