Peer-Driven Insights

Incident & Problem Management

Active Ambassadors in This Topic

Chris Oehlerking

Chris Oehlerking

Honeywell

Manufacturing, 1k - 5k

United States
G

Gene Johnson

Commonwealth Bank of Australia

Banking, 10k+

Australia
Jamie Crews

Jamie Crews

County of Orange

Government, 10k+

United States
View All Community Ambassadors

Community Posts

I'd like to better understand industry standards for the number of P1 and P2 incidents for a retail company. Would any of you know where I could find these standards?

Who owns Communication in Network vs. Security Incidents? Best Practices & RACI Guidance Needed In many organizations, Network and Security teams both play a role in incident response, especially when firewall or SASE issues impact network performance. When an issue is first diagnosed by the Network team but determined to be security-related, who should own the ongoing communication, resolution updates, and root cause reporting? I’d love to hear from the community:  • Are there best practices, ITIL/ITSM frameworks, or RACI models that clarify ownership?  • How does your organization handle communication handoffs between Network and Security teams?

What challenges have you recently encountered in managing the increasing number of SaaS vendors within your organization? And how did you handle it?

Read More Comments

Have you put together a cyber security incident response plan flow chart for communications specifically?

Yes40%

Yes, but it needs updating43%

No11%

We're working on one4%

View Results

What are your best practices for outage notifications? How do you keep the IT leadership team aware in real time? How does your support desk / organization get involved and when?

Read More Comments

What information is most essential for the board/executives to decide whether to pay ransomware attackers (in cases where ransom payment is not banned)?

Read More Comments

In your opinion, what could cloud providers do to truly address cloud lock-in concerns and give you more flexibility as a customer?

Read More Comments

I would like to know what kind of tool, platform or rule/regulation/standard can help IT to define the IT risk management?

Are there any recommended documentation, insightful tips, or refined strategies available to expedite decision-making within the AI Governance Board, all while ensuring the secure preservation of company intellectual property? Managing an AI Governance Board predominantly comprised of legal experts across various domains, including Legal, Ethics, IP, and Procurement, with minimal representation from the IT sector, presents distinct challenges. Effectively persuading non-IT members to consider measured risks in AI proposals demands a strategic approach. 

Read More Comments

Has anyone faced what you consider to be higher than necessary software renewal fees this year because of "inflation"?  Is this showing up for you as a real problem, or is this just the media blowing it out of proportion?

Read More Comments

Does your org have any designated incident handlers or coordinators who are responsible for communicating with stakeholders during remediation activities?

Yes28%

We're discussing this option41%

No, but that might change21%

No, and I doubt that will change6%

Other (I'll explain via comment)1%

View Results

If you had to pick to prioritize your incident response and preparedness efforts, which would it be:

Running crisis management table top exercises77%

Running technical CSIRT table top exercises23%

What are the typical pitfalls CISOs run into when developing/updating their org's cyber incident response plan?

Without disclosing any specific vendor names - What was the most egregious experience you've had with a software vendor that still makes you wonder, “Did that really happen? Did they truly do that?”

Read More Comments

Who in your organization is assigned to own and drive any long-term remediation actions that come out of an Incident Response After Action report?  I've spoken with a few that all point back to the Incident Response team, but this feels like an inefficient use of those resources as I feel they are typically highly trained and technical individuals who should work on open investigations and escalations. 

Wondering if anyone’s ever defended against a hash function-based attack — can you share how you dealt with it, or any lessons learned from that?

Read More Comments