OSS fire drills

“Thousands of bank staff are being subjected to cyber security “fire drills” to determine who opens malicious emails or fails to report suspicious computer activity, in a sign financial institutions are ramping up their defences to criminal attacks on their information technology systems.”
James Eyers on AFR.com.

So banks have commenced running cyber-security fire drills (spear phishing and reporting suspicious activity). What a great concept!

Like you, no doubt, I’ve worked with plenty of organisations that have regular fire drills, some at a scheduled time every single week. But have you ever worked at an organisation that has run an OSS fire drill? I imagine you’ve probably experienced OSS fires, but not OSS fire drills!!

What does an OSS fire drill look like?

  • Who are your fire wardens (and what do they do, who do they coordinate with)?
  • What does it cover?
    • security
    • system outages
    • network outages
    • structural inflection points
    • processes / procedures
    • ring-fencing / segregations
    • behaviours
  • What are your biggest behavioural risks that you want to ensure are hardened?

Contingency planning is something that has been done in OSS… Regular fire drills, not so much. I just love the analogy of the terminology – it’s something that everyone can relate to.
