Crisis communications: A primer for teams (Part 1)

The long view of security strategies for your network.

When problems strike, organizations need clear lines of communications that have been established through careful functional analysis, documented thoroughly, tested in multiple realistic trials, and improved repeatedly to reflect reality. In my white paper on "Computer Security Incident Response Team Management," which was integrated into Michael Miora's chapter on that subject in the Computer Security Handbook, 5th Edition (Wiley, 2009; Bosworth, Kabay & Whyne, eds), I wrote, "The CSIRT should include members from every sector of the organization; key members include operations, facilities, legal staff, public relations, information technology, and at least one respected and experienced manager with a direct line to top management."

However, having read an excellent book by Al Czarnecki, APR entitled Crisis Communications: A Primer for Teams, I now realize that my white paper does not adequately cover the public-relations dimension of incident handling and I'm going to produce a revised edition!

This little book (154 pages with 43 pages of useful appendices) is packed with useful, immediately applicable information and operational suggestions. Much of the information is presented in bullet points that make the author's intentions crystal clear. Here is an excerpt from his introduction:

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

When problems strike, organizations need clear lines of communications that have been established through careful functional analysis, documented thoroughly, tested in multiple realistic trials, and improved repeatedly to reflect reality. In my white paper on "Computer Security Incident Response Team Management," which was integrated into Michael Miora's chapter on that subject in the Computer Security Handbook, 5th Edition (Wiley, 2009; Bosworth, Kabay & Whyne, eds), I wrote, "The CSIRT should include members from every sector of the organization; key members include operations, facilities, legal staff, public relations, information technology, and at least one respected and experienced manager with a direct line to top management."

However, having read an excellent book by Al Czarnecki, APR entitled Crisis Communications: A Primer for Teams, I now realize that my white paper does not adequately cover the public-relations dimension of incident handling and I'm going to produce a revised edition!

This little book (154 pages with 43 pages of useful appendices) is packed with useful, immediately applicable information and operational suggestions. Much of the information is presented in bullet points that make the author's intentions crystal clear. Here is an excerpt from his introduction:

This book has been written for three main audiences:
• Senior managers who want a new tool to develop their crisis response team.
• Organizations without an accredited public relations professional.
• Communicators looking for new ideas on crisis communications.

Czarnecki summarizes the content of each of the five parts (there are 14 chapters in all) as follows (excerpts directly from his text):

1. "The Team" outlines the salient roles of key players prior to and during a crisis situation. Use this concise chapter and the table of contents to engage your team in reading and discussing this book.
2. "The Crisis Soup" describes five aspects of planning for crisis communications: scenarios, resources, roles, process and principles. The last four items strengthen your organization's resilience.
3. "Issues and Actions" covers operational details relevant to crisis communications.
4. "Resilience and Continuity" considers how to keep your team functioning through a disaster. Emergency Provisions outlines down-to-earth preparations for even the smallest organization.
5. "Development" suggests how to move forward on crisis communications readiness. Building Your Team outlines a process for developing senior manager involvement.
Finally, "Appendix A offers some sample documents. Appendix B contains selected and annotated URLs." The book contains a username and password that provides access to an updated PDF file with all the links in the book and more.

In my next column, I'll pick out a few of the excellent suggestions from this superb resource and apply them to the spectacular public relations errors of Gov. Mark Sanford of South Carolina in June 2009.

* * *

Al Czarnecki APRis an accredited public relations professional with twenty years of experience. You can read more about his book on his Web site.

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.