Personally Identifiable Information
Most people and their organizations would agree they are overwhelmed by information that is spread all over in e-mails, web sites, binders, intranets, etc.
BUT, most people and their organizations would also agree they are not overwhelmed by awareness, and more specifically they are not overwhelmed by Situational Awareness.
Lessons learned continue to reveal that just having information is not enough. Most of the highly publicized tragedies and incidents reveal that information in the form of red flags or intelligence or risk assessments actually existed BEFORE the incident occurred.
And many incidents could have been prevented had the information been translated into Situational Awareness and shared with the right individuals in the right place at the right time so they could have taken appropriate actions to prevent or intervene or respond more proactively.
For the next week or month or longer, when you become aware of an incident or a mistake in your organization or another organization ask yourself these questions:
- Did information exist that could have helped prevent the incident or mistake?
- Does my organization have a good way to turn information into situational awareness?
- Do all appropriate individuals have the ability to access confidential situational awareness?
- Does our incident reporting system just pass along information?
- Do our threat assessment and security teams have access to situational awareness?
- Do our decision makers and leaders have on-demand access to updated situational awareness?