ISF World Congress:

Blue Lights and Breaches:

Bridging the Gap Between Cyber and Emergency Response for Better Incident Management

Thank you for listening to my talk today. I hope this topic raised some questions for you, as it did for me.

I’ve provided below links to the templates and frameworks I outlined, which you are welcome to use and apply within your organisation.

The additional below links will help you look further into the topics I discussed.

I’d also love to hear about other approaches and experiences aligning cyber and non-cyber emergency response, and how useful this was for you.

Regards,

Matt

Newsletter (for updates and info on cyber IR)

Incidentally | Substack

Connect with me on LinkedIn

Matt Palmer - LinkedIn


Key questions for your IR process

  1. Do you know how you would declare a major incident, and communicate this?

  2. Do you know how quickly all necessary teams and capabilities can respond? Not just IT - what about suppliers, communications, etc?

  3. Do you have sufficient capacity for a major incident? If not, where will it come from, and how will they know what to do?

  4. Do you know how you will prioritise and triage multiple competing needs?

  5. Do you know what your priorities are from a business and ethical perspective?

  6. Do you have a ‘control room’ approach and ability to communicate, even if you have systems or network issues?

  7. Do front line responders such as IT understand the basics of ‘cyber first aid’ - what steps they should and should not take?

Ref: Manchester Arena attack: Key failings of emergency response

Templates and tools to use in your Cyber Incident Response process

JESIP Principles for Joint Working

Principles for joint working - JESIP Website

M/ETHANE IR Information Sharing Framework

M/ETHANE - JESIP Website

Joint Decision Model

The Joint Decision Model (JDM) - JESIP Website

About Cyber Incident Interoperability

https://mattpalmer.net/cyber-incident-interoperability

Never mind the Pollocks: Aligning Incident Response with Emergency Response Using JESIP

TF-CSIRT Meeting & FIRST Regional Symposium Europe January 2025, Monaco - James McLaren, JCSC

Program Agenda: 2025 TF-CSIRT Meeting & FIRST Regional Symposium Europe

About JCSC

ISF Podcast:

Creating a CERT on Jersey with Paul Watts (ISF), Mark Ward (ISF), and Matt Palmer (JCSC)

Part 1:

https://www.securityforum.org/spotlight-on/creating-a-cert-on-jersey-part-one/

Part 2:

https://www.securityforum.org/spotlight-on/creating-a-cert-on-jersey-part-two/

Article: InfoSecurity Magazine - Behind the Jersey Cyber Security Centre's Proactive Cyber Defense Mission

https://www.infosecurity-magazine.com/interviews/interview-jersey-cyber-security/

Video: Building a NatCSIRT at Nano Scale

FIRST Conference 2025, Fukuoka - Paul Dutot, JCSC

Building a National CSIRT on a Nano Scale - YouTube

Jersey Cyber Security Centre

JCSC: Jersey Cyber Security Centre

More about learning from emergency response

Pollock Report - UK Review of Persistent Lessons Identified Relating to Interoperability from Emergencies and Major Incidents since 1986

The Pollock Report - JESIP Website

Manchester Arena Enquiry Report - Emergency Response

Manchester Arena Inquiry Volume 2: Emergency Response - GOV.UK

Kerslake report

Kerslake_Arena_Review_PROOFED.docx

Matt Palmer, October 2025

Subscribe: Incidentally | Substack