Save Our Souls (SOS) [Updated 2019]
Natural disasters are unexpected events that can cause severe financial and environmental loss as well as the loss of human life. As an enterprise, it is our responsibility to ensure that proper recovery strategies are in place, just in case these natural calamities occur. In order to tackle these types of incidents, a Save Our Souls (SOS) system can be implemented. It provides a set of protocols to be followed in case an unexpected disaster befalls your company.
An SOS system can be implemented to take responsibility of offices, regional headquarters, data centers, and employees. The SOS should be capable of fetching live video feed messages from multiple sources like news channels, podcasts, etc. Employers are found liable if they disobey safety regulations and put their employees under severe risk, which impacts business. Irrespective of companies' diverse sizes, emergency communication is vital for business efficiency.
What should you learn next?
An SOS analyst has to monitor the outside physical threat proactively and predict the possibility of occurrence of a similar threat within the organisation. In some companies, SOS analysts work with a business continuity team to ensure continuity of the company's resources. This technology can be advanced by incorporating a real-time feed of news, weather, traffic data, company's facility data, camera feeds, incident reports, and physical security systems.
All well-known organisations have a separate team to monitor security at various company facilities and follow global news and weather reports to spot events that could endanger company assets. This type of system can be used to consolidate internal and external security, decrease the operational cost, and improve the company's ability to protect its assets. For instance, companies which are present globally have a mobility team that is responsible for identifying physical threats when an employee is relocating to a particular region. Companies have to consider these threats when critical resources are sent for work in these regions, so an SOS has to manage the health and safety of all international workers working in a foreign land.
Operation
The security analyst monitors real time news feeds, weather reports and global security incidents from available outside feeds. After identifying a potential threat, they can carry out a deep analysis to confirm the status and severity of that incident. These data can be collectively used to generate an alert when a threat activity occurs on a particular geo-location. Say there is a tornado in Asia, then an alarm will be sent to all employees of the Asian region to prepare for precaution mechanisms. All of that company's physical and logical asset owners in that geo-location will also be warned regarding the incident in the case of a natural disaster or other potential threat. The personnel alert can be delivered to the assets by using business or personal email. Moreover, the personal phone number of the individual employees can be used to alert in case of severe incidents.
A displaying portal can be modelled which depicts the sources of risk, weather, natural disaster, breaking news, traffic data, terrorism, disease outbreaks, etc. Analytics can also be applied to these available data for predicting threats to a region. An SOS system can be connected to a company's physical security system and internal data stores. If an alarm is raised, which points out an incident, then the analyst should find out the risk involved in that area. So analysts will be able to correlate such threats with the status of door locks, alarms, and camera feeds and to prepare for an effective communication plan. The communication plan has to be tested regularly to ensure it's working in difficult times. It depends upon the different communication channels (email, website announcement, etc.) that a company uses to determine how long it takes to activate an emergency communication plan. The ideal time of communication is less than an hour, and it is not good for an organisation to not activate a communication plan in the last 12 months.
Architecture
The most common SOS architecture consists of 3 core components:
An SOS system will be provided with data including natural disasters, weather, terrorism, disease out breaks, etc., and from this data an alert can be triggered. This SOS system is input with both local and global incidents. The alerts can be configured in a way such that it will be triggered automatically when an incident occurs, and this alert will notify the corresponding team to take action.
In assessment phase, the threat data is analysed frequently in order to eliminate false positives and thus to find meaningful data. The assessment can be carried out by filtering the incident data which points to our particular area of interest, timestamp of the incident, severity, etc. Other factors like historical occurrences, probability of occurrence, property impact, business impact, and human impact are also considered. In this phase, the data should be assessed and transformed into meaningful information by carrying out ad hoc search, range filtering, and spatial queries, and this enables us to query the data easily from a single interface. Thus, it enables the analyst to drill down the data according to its severity, or can apply any customized filter that makes the data into an understandable one.
During the action phase, the finalized incident data is shared with victims. After the act and assess phase, the conclusion is drawn about whether the incident is critical and whether it affects our assets or not. This can be shared to victims by communication through emails, IM, or personal or office phone number. In this phase, the situation is actively monitored by focusing on it and informing higher management about that incident. Executing the communication phase is a challenging task. If an employee is out of the home base and is in a high risk country without any communication channels, emergency communication plans and procedures need to be optimised to reach such people. Usually emails, social media, website announcements, crisis telephone numbers, and manual call trees are relied on. (A call tree is where an initiator calls two or three people and they in turn call another three people, and this goes on like a loop till we cover the entire region. However, there could be circumstances in which an employee is on vacation or the cell phone is out of range, then the channels for propagating the messages are broken down).
SOS Monitoring
These are some of the events that an SOS system is really beneficial for.
- Natural Disasters
An SOS system can be used to identify and monitor current location and the impact zone of natural disasters including earthquakes, floods, hurricanes, volcano explosions, etc. - Weather ConditionsBad weather conditions can result in the closing of the business unit for a time period. It can also cause a negative business impact by not reporting in a timely manner. The SOS system can be used to alert in a proactive manner against this type of incident.
- Terrorism
The news feeds can be leveraged and conclusions can be drawn regarding global terrorist events and other activities related to that. - Current Events
International and local news feeds can be leveraged to draw a conclusion on the current events that are occurring across the globe. - Disease Outbreaks
An SOS can be used to monitor the risk faced by travellers by collecting information about disease outbreaks in a specific location which may affect employees. - Traffic conditions
Traffic conditions across the office premises and locations to the assets can be monitored. A real time map can created by analysing the traffic data that can be used to choose a better route for employees.
Advantages
Effective response to security incidents
By building an SOS system in an organization, security teams can act effectively in security incidents. This system empowers the incident handling team to perform in a proactive manner and quickly respond to hazards and other incidents.
Increase in operational performance
An SOS system can increase the efficiency of Security Operation Center by building a centralized sight of incidents and security means. It can also leverage the operation for multiple systems, security operators, and local conditions.
Safeguarding the assets and business
Implementing an SOS system enables the protection of all the assets and business against the protection of losses and liabilities. This system facilitates the organization's internal controls and external regulation.
Disadvantages of SOS
However, after considering the high number of advantages of the SOS system, these are the disadvantages that can affect the system.
Real time location awareness
In order to alert the assets of an incident, it is important to know the real-time location of employees. This will be a crucial task if the asset is in an isolated location or situation where the location details can't be transmitted to an SOS central management system.
Data sharing between different organizations
The SOS system will be successful only in the case of meaningful data being shared between organizations. If there is any delay in the data, then an effective response plan can't be formulated within a short period of time.
Legal problems
There will be legal problems in the usage of meteorological and traffic data, and there are many complications in sharing of this data from such government organizations. When these data fall into the hands of the wrong person, it can endanger the rest of the public.
Large Data Traffic
The meteorological and traffic data pose a large quantity of data, and this data should be filtered and stored. In the case of an incident, the historical data should be analysed, which becomes complicated with high traffic.
Others
Poor implementation, lack of understanding from recipients, device failure, unavailability of mobile network, problems communicating internationally, language barrier, lack of good process manual, etc.
Conclusion
Having a good SOS policy in place can help save you should disaster fall on your company. It's important to take the necessary precautions to prevent massive losses. For more on the topic of business continuity and disaster recovery, click here.
References
- http://www.idvsolutions.com/Products/visual-command-center/risk-awareness-software-overview.aspx
- http://www.idvsolutions.com/Documents/Visual-Command-Center.pdf
- http://www.cisco.com/c/en/us/products/collateral/physical-security/physical-security-operations-manager/data_sheet_c78-714743.pdf
In this Series
- Save Our Souls (SOS) [Updated 2019]
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security