Our Playbook

playbook1In order to ensure that every breach we manage is done to a Gold Standard, every time, we have written a Playbook. Its benefit, like a Playbook in sports, allows us to:

  • Coordinate the work of our team.
  • Ensure that everything we do is efficient, effective, and proven by past experience.
  • Ensures that we don’t forget anything. That is especially critical given the regulatory issues with cyber risks and the possibility of harm to our client — reputational risk and litigation – if we get it wrong.
  • Constantly improve our process, to make our work both better and faster for both our clients as well as for us.
The Playbook goes into detail on the two phases of system and data security:

  • The Preliminary Severity Assessment of each incident (in case a client asks us to do this for them), and
  • The Event Management Process for the major events. This is a set of 100+ decision trees – one for each kind of event. These organize the actions (from very different people) so that we can efficiently, thoroughly, and professionally respond to this event in the least disruptive way to our client and in a way that reduces our client’s risk to the greatest extent possible.
A considerable part of the Playbook deals with preparation: what the client can do to prepare for a breach when it happens. We already know that great preparation can cut the cost (and time) to manage a breach in half.

These decision trees have the same purpose and structure as the Emergency Checklists for a Boeing 787. In fact, they were both created in the same way and for the same purpose: the most effective response to an unusual and unwanted event in an environment of stress where speed and effectiveness of the response is vital.

The time to figure out what to do when one of the two engines on the jetliner fails is NOT when two pilots are over the Atlantic at night with an engine out. The time to do that is before the flight and it is best if that checklist is created by a room-full of experts sharing their knowledge in a well-lit room with lots of time to come up with a protocol that is:

  • Effective
  • Takes into account the many causes and remedial actions that these two pilots might do
  • Comes up with a detailed and well-researched plan in advance and put into the cockpit for the pilots to follow exactly.
  • Implemented expediently. The response must be efficient, straightforward, and fast.
  • Constructed by disciplined responders (pilots).
  • Not left to improvisation – ever!
Another advantage of the “Emergency Checklist” approach to breach response is that it allows team members from all different disciplines to work together efficiently: legal, IT forensics, PR, Operations, HR, and the notification and client protection team. Everybody knows their role every step of the way.

In all too many breach responses, the integration of these quite different skills is a challenge. With a Playbook approach, it comes naturally.

These protocols and institution knowledge are described in several documents available on our Library.

You can have your own customized Playbook!

If you are a client of Caerleon under a subscription arrangement, we will create your own Playbook based on the one that we use when managing a breach or helping a client prepare or do the Preliminary Incident Assessment in house.

Having a customized Playbook can be very valuable for those companies who would like to do some of the breach preparation and management themselves.