Bob's Blogs
Utter CERTainty

Does your organization have a CERT (Computer Emergency Response Team)
or anything else similar?

Have you ever discovered a problem, incident or other issue that isn't
in your back yard? The larger or more geographically spread out
the enterprise, the more likely this is to happen. Unless it
is an ongoing clear and immediate danger, the first step is usually
to contact a team member or someone in the location or organization
in question, usually by telephone, IM or e-mail. If you can't
make contact with that office within the first day or two, the
perceived urgency tends to drop, usually pushed aside by something
newer.

In almost every organization I've worked in (either as an employee
or outside consultant), the emergency contact list -- if one
exists -- is out of date. Why? Because no one "owns"
it, and more to the point: No one maintains it. In almost every
one of these places, I've found it necessary to rebuild the contact
lists for names, phone numbers, e-mail addresses, network charts/maps.
And where the list does have correct information, the individual
people on the list often don't know each other, which can lead
to turf wars when an incident does occur.

If you are in the security role/function/team, and you don't have
a CERT (Computer Emergency Response Team) by that name or any
other, form one. And make sure you get management support. Not
just your management, but written (e-mail) permission of the
manager of each person whom you want to join the team. An effective
approach I've found is to "nominate" the candidate
of your choice, but leave the final decision to their manager.
You won't always get who you want, but by getting the manager's
buy-in, in writing, the occasional emergency that sucks up more
time than anticipated will continue to get support.

Let's now assume that you have management support. Find out who the
IT people are in every location. Call them up and talk to them.
Introduce and identify yourself, since in many cases, they may
not know you from Adam (or Eve, as the case may be). Ask them
who "owns" what and who should be contacted for what.
Find out who their management is. Provide them with your contact
information.

In some cases, the organization has been so fractured that I've
had to call sales offices to find out where they get their IT
support from. In other words, the organization chart (and sometimes
the IT/IS org chart) failed to provide enough structure to provide
a clue as to where they existed. In a few extreme cases, I've
discovered small IT organizations that existed basically in a
vacuum. In any event, the next step is to put the entire list
together and share it with everyone. In many cases, the contact
may not be an IS/IT person, but simply a useful contact. Keep
an open mind.

Now comes the maintenance. Keep them all in touch. Send out updates,
notify them about new tools -- anything to keep the lines of
communication open between you and all of them. Monthly conference
calls and discussion groups build the idea of a team whether
they are email, conference call, or web based. At least once
a year (preferably more) call up each person for some informal
reason. Find out if there have been or are going to be organizational
changes. Did they get a new manager? Then get the new manager's
buy-in. Have they been promoted? They may or may not have time
to devote to the team. Have any e-mail addresses or phone numbers
changed because of technology changes (brand of mail server,
VoIP, move to new facilities)? Unless you have a HUGE organization,
this maintenance should take less than an hour a month.