If your firewall was breached, for example, look for other vulnerabilities that hackers could exploit. If your server crashed because of a bad patch, check whether other servers are using similar patches. "It's easy to forget this, because you're so focused on the problem at hand," McBride says.
Also, examine why the crisis wasn't averted in the first place by your early-warning processes and systems.
Communicate with all stakeholders.
After experiencing a technical meltdown, people want answers. It's your job to help supply them, Lemecha says.
Following ChoicePoint's 2005 breach, Lemecha made sure that various stakeholders the board, customers, consumers, the IT organization, all ChoicePoint associates, the news media and regulatory bodies knew what had happened and what was being done to fix it.
"Initially, I spent time on the phone with various business unit leaders, discussing with customers what actually happened and how the customers' data and our systems were secure," says Lemecha, who recalls speaking to one upset customer for two hours.
"He had a large number of misconceptions about ChoicePoint, the incident and the data that we maintained on consumers," Lemecha says. "At the end of the call, he was so pleased with what ChoicePoint was doing that he sent [CEO Derek Smith] a note congratulating us on our steps."
Lemecha talked with corporate information officers and their senior staffers and explained the steps IT was taking to protect information, such as the removal and truncation of sensitive data.
He also assisted in the preparation of board presentations and worked with others to create a Web site that offers consumers up-to-the-minute information on privacy efforts.
Eventually, "everybody participated in communicating to customers," Lemecha says. The business unit general managers coordinated the customer communication efforts, first by calling customers and later by distributing documents that explained ChoicePoint's privacy and security practices.
"If we were to do it all over again, I would have all these materials in place upfront so that we could have distributed information to the media, regulatory bodies and customers and posted information on our Web sites simultaneous with any consumer notices," Lemecha says. "This would reduce the amount of false information that [proliferates] on the Web in times of crisis."
After a crisis, he says, the CIO is uniquely qualified to communicate in virtually every direction. "The CIO is in the best situation to really understand all the technical issues, the business process issues and how they all come together," Lemecha says. He can "talk up to the executives and talk down to the technologists" about the direction the company is headed, as well as convey information outward to customers.
Connect with affected colleagues.
When hardware problems affected his company's energy trading operations, Fishback flew from his San Jose office to Houston to meet with his senior management team a dozen or so officers and directors who are based there.