Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Cyber resilience and decision ownership: what teams miss most


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10141
Topic starter  

TL;DR: Cyber resilience fails or succeeds on people, process, and trust under pressure, according to Commvault’s STRIVE conversation with Dr. Jessica Barker. Clear decision ownership, preparation, and cross-team confidence matter more than tool choice when incidents force rapid coordination and imperfect information.

NHIMG editorial — based on content published by Commvault: STRIVE episode on the human side of cyber resilience

Questions worth separating out

Q: How should teams define decision ownership in cyber incident response?

A: Teams should assign named authority for containment, privileged access changes, and recovery actions before an incident happens.

Q: Why does preparation matter so much for resilience?

A: Preparation matters because stress reduces judgment quality and makes unfamiliar workflows slower.

Q: What do security teams get wrong about trust during incidents?

A: Teams often treat trust as a cultural concept rather than an operational enabler.

Practitioner guidance

  • Define incident-time decision ownership Document who can revoke credentials, approve emergency elevation, and trigger containment actions during outages or security events.
  • Exercise identity recovery paths Run simulations that force teams to handle account lockouts, privileged access failures, and emergency access approvals under time pressure.
  • Pre-approve cross-team escalation routes Map the handoffs between security, infrastructure, operations, and business leadership so escalation does not stall when one team is unavailable.

What's in the full article

Commvault's full STRIVE episode covers the practical detail this post intentionally leaves for the source:

  • The full discussion of how Dr. Jessica Barker frames confidence, trust, and decision-making under pressure.
  • Examples of how culture affects incident response behaviour in real organisations.
  • The episode's broader framing of resilience as a human and organisational issue, not just a technical one.
  • The complete set of STRIVE discussion points on preparation, ownership, and team coordination.

👉 Watch Commvault's STRIVE episode on the human side of cyber resilience →

Cyber resilience and decision ownership: what teams miss most?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

Decision clarity is a resilience control, not a soft management issue. The article is right to stress that hesitation creates gaps, because incident response breaks down when no one knows who can approve revocation, escalation, or emergency access. In IAM and PAM programmes, those decision rights must be designed as part of control architecture, not left to informal coordination. Practitioners should treat authority mapping as a recoverability requirement.

A question worth separating out:

Q: Who is accountable when privileged access decisions fail during recovery?

A: Accountability should sit with the function that owns the decision path, not with whichever team happened to be online first. Incident governance should define who approves emergency privilege, who validates the business need, and who records the action for audit and post-incident review. Clear ownership reduces hesitation and preserves control.

👉 Read our full editorial: Cyber resilience depends on human decision-making under pressure



   
ReplyQuote
Share: