Page 207 - CISSO_Prep_ Guide
Preparation
Effective incident management starts long before the incident
ever happens. Preparation is often the key to success, and
preparation, in this case, means making as many decisions and
taking as many steps as possible to be ready for an incident. Few
people make the right decisions under pressure, so a key part of
preparation is to make as many decisions as possible in advance
about responsibility, response, or network isolation.
The preparation and development of the incident response plan
will also consider input from risk assessments and business
impact analysis efforts to ensure that critical assets, systems, and
processes are identified, risks are addressed, and the plan is
aligned with the priorities of the organization.
Unfortunately, some incidents can be severe and may require the
involvement of external parties such as law enforcement and
regulatory agencies. Incident management requires that the
conditions and steps to be taken to interface with these external
parties are defined in advance, and there must be an appointed
liaison who will be the organization's representative to work with
these parties.
This also requires that the legal counsel of the organization and
human resources departments are included in the incident
response plan and team. When employees are represented by a
union, it can be advisable to work with the union as well to
prepare for how to deal with contract terms and working
conditions during a crisis.
Any incident that involves a publicly known situation also has
the potential complications of media involvement. This requires