Crisis Management & Recovery

Start

Crisis Management & Recovery

By: Emily Eikenberry

01

Cyber-Physical Threat - Insider Threat

Next

Incident Overview

• Incident: Insider threat steals sensitive data and disables security cameras
• Impacts: Security gaps, Data loss, and operational disruptions
• Affected Areas:
• Physical security
• IT systems
• Business operations

Next

Next

Impact Cascade

• Physical Security: Risk of other breaches and surveillance disabled
• Personnel: Loss of trust, suspicion, and potential legal/HR action
• Business Operations: Reputational damage and compliance violations
• Technical Systems: Exfiltration risks and data breach
• External Stakeholders: Customer trust issues and regulatory/legal impact

Crisis Timeline

Next

1. Discovery: Security team finds that there is missing data
2. Assessment: IT and security reveals insiders access log
3. Escalation: Cameras get disabled and the insider is unaccounted for
4. Containment: Systems get locked down and there is a forensic analysis
5. Recovery: Data gets resorted and there is upgrades in the security

• Business Continuity Steps: Legal & compliance reporting.
• Alternative Site Activation: Backup monitoring facility engaged.
• Return to Normal: Re-evaluate hiring policies, strengthen insider threat detection.

Recovery& Continuity

• Staff Roles: Security teams assigned for investigation & monitoring.
• Access Control Adjustments: Immediate access revocation for insider.
• Emergency Response: Physical security reinforcement, forensic analysis.

• System Recovery Priorities: Secure endpoints, block insider access.
• Data Backup & Restoration: Verify integrity, restore missing files.
• Security Controls: Enhanced monitoring, access control review.

• Crisis Management Team: IT security, CISO, HR, Legal, and Operations
• Communication Plan: Stakeholder updates and Incident notification
• Decision Authority: CISO-led and coordination with HR and legal

Command & Control

Technical Response

Next

Personnel & Physical Security

02

Cascading Crisis - Hurricane Causes data Center Failure

Next

Incident Overview

• Incident: Category 5 hurricane damages data center & supply chain.
• Primary Failure: Data center outage, business disruption.
• Secondary Failures: Employee displacement, supply chain backlog.

Next

Next

Impact Cascade

• Personnel: Employee safety risks relocation challenges.
• Physical Security: Facility damage, access control failures.
• Technical Systems: Critical applications offline, data loss risks.
• Business Operations: Delays, revenue loss, reputational harm.
• External Stakeholders: Customers, vendors, and regulators affected.

Crisis Timeline

Next

1. Storm Forecasted: Preemptive continuity measures activated.
2. Data Center Damage: Systems fail, and emergency protocols are triggered.
3. Operational Disruptions: Supply chain stalls and personnel evacuation.
4. Emergency Response: Backup site activated, temporary work policies.
5. Recovery & Rebuilding: Facility restoration, long-term strategy review.

• Business Continuity Steps: Activate remote work plans to stabilize operations.
• Alternative Site Activation: Deploy backup office/data center.
• Return to Normal: Long-term rebuilding, improved redundancy plans.

Recovery& Continuity

• Emergency Response: Evacuate employees to secure critical assets.
• Access Control Changes: Restrict entry to damaged facilities.
• Security Reinforcement: Physical site protection, security patrols.

• System Recovery Priorities: Restore backups and deploy cloud failover.
• Data Backup/Restoration: Validate integrity failover activation.
• Security Control Adjustments: Access control revalidation, emergency authentication.

• Crisis Leadership: CEO, CIO, Business Continuity team, Emergency Services.
• Authority Chain: CIO manages IT response; HR & Operations handle workforce impact.
• Stakeholder Communications: Customers, suppliers, and regulators are notified.

Command & Control

Technical Response

Personnel & Physical Security

https://www.interos.ai/wp-content/uploads/2022/10/100522-blog-hurricane-ian-pie-chart.jpg https://www.interos.ai/wp-content/uploads/2022/10/100522-blog-thumb-hurricane-ian-1024x576-1.jpg https://parablu.com/wp-content/uploads/2024/09/Indicators-of-Insider-Threat.jpg https://linfordco.com/wp-content/uploads/2019/07/insider-threats-in-cyber-security.jpg

Images

Allers, T. (2024, September 17). Supply Chain Disruption: Causes, effects, and management. Intuendi. https://intuendi.com/resource-center/supply-chain-disruption/ Back-to-back hurricanes wreak havoc on supply chains. Institute for Supply Management. (n.d.). https://www.ismworld.org/supply-management-news-and-reports/news-publications/inside-supply-management-magazine/blog/2024/2024-10/back-to-back-hurricanes-wreak-havoc-on-supply-chains/ Defining insider threats: CISA. Cybersecurity and Infrastructure Security Agency CISA. (n.d.). https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats Fennelly, L. J. (2017). Effective physical security. Butterworth-Heinemann Ltd. What is insider threat? unraveling insider risks: Microsoft security. What Is Insider Threat? Unraveling Insider Risks | Microsoft Security. (n.d.). https://www.microsoft.com/en-us/security/business/security-101/what-is-insider-threat?ef_id=_k_Cj0KCQiAq-u9BhCjARIsANLj-s1V-5qI4hl735HGCICUo6IxF6kuXH4MhbNChJxahtHqganTX15wzHMaAlNjEALw_wcB_k_&OCID=AIDcmmdamuj0pc_SEM__k_Cj0KCQiAq-u9BhCjARIsANLj-s1V-5qI4hl735HGCICUo6IxF6kuXH4MhbNChJxahtHqganTX15wzHMaAlNjEALw_wcB_k_&gad_source=1&gbraid=0AAAAADcJh_tUKNERH5sgmBnoP56OAbgqZ&gclid=Cj0KCQiAq-u9BhCjARIsANLj-s1V-5qI4hl735HGCICUo6IxF6kuXH4MhbNChJxahtHqganTX15wzHMaAlNjEALw_wcB

Resources