“Thousands of bank staff are being subjected to cyber security ‘fire drills’ to determine who opens malicious emails or fails to report suspicious computer activity, in a sign financial institutions are ramping up their defences to criminal attacks on their information technology systems.”
James Eyers on AFR.com.
So banks have commenced running cyber-security fire drills (simulated spear-phishing emails, plus checks on whether staff report the suspicious activity they notice). What a great concept!
Like you no doubt, I’ve worked with plenty of organisations that have regular fire drills, some at a scheduled time every single week. But have you ever worked at an organisation that has run an OSS (Operational Support Systems) fire drill? I imagine you’ve probably experienced OSS fires, but not OSS fire drills!
What does an OSS fire drill look like?
- Who are your fire wardens (what do they do, and who do they coordinate with)?
- What does it cover?
  - security
  - system outages
  - network outages
  - structural inflection points
  - processes / procedures
  - ring-fencing / segregations
  - behaviours
- What are the biggest behavioural risks that you want to ensure are hardened?
Contingency planning is something that has been done in OSS… Regular fire drills, not so much. I just love the fire-drill analogy – it’s something that everyone can relate to.