Crisis management

5 key steps to handle a crisis

Crisis management is a moment as dreaded as it is almost inevitable, but anticipation is the key to getting through it and recovering in the best possible way.
2 min

Even if you’re not Morgan Chase that had to face 45 billion intrusion attempts in 2023, you need to secure your Information System to ensure business continuity, data protection and even your reputation. 

How can you prepare for and cope with a cyber incident? Here are 5 key steps. 


Controling risks, requires a perfect knowledge of Information System, critical assets and data, and understanding of threats and context.  
A cybersecurity incident also requires to be able to quickly deploy a crisis unit to manage both technical and communication subjects. Tabletop exercises are essential to prepare for this.


An efficient detection requires the right tools and resources. More precisely, the Information System needs to be protected by relevant and high-performance solutions that have to be set up and managed by expert staff – in-house or with the help of partners.


Once a tool has detected a security event, experts have to assess its criticality and document it, in order to define what actions to take. 
This stage also aims to understand the threat and the attackers goals, in order to limit its spread on the moment and in the future.


After analyzing the situation, depending on the context, the experts may proceed to block the threat, kill processes, isolate endpoints, quarantine files… In the perspective of system or data recovery. 
In addition to the technical aspects, the response phase may also include internal and external communication actions.


Post-incident analysis enables lessons to be learned from the incident, so that the protection of the Information System can be strengthened, and user awareness improved… in anticipation of future attacks. 

Pro tip  
Having a good knowledge of the information system allows to improve detection, and to know which actions and responses are expected.
It also allows to have a better visibility over the actions taken by the attacker, to help an efficient response and to know what needs to be cleaned up.

5 keysteps to handle a crisis - Dataviz

How to set up a crisis unit?
Who should be involved?