Dan Slimmon: An Incident Command Training Handbook
How to structure and lead an incident response. The five questions of a status update. How to manage information flow effectively.
Slimmon's writing style is direct and simple. It's a mid-length article with some detail, but you could follow it in a high-stress situation (like mid-incident) and benefit immediately.
Best case scenario is to have the whole team read it ahead of time to understand the structure. When it's showtime everyone can slide into their roles and know their responsibilities.
An Incident Commander’s job is to keep the incident moving toward resolution. But an Incident Commander’s job is not to fix the problem. As Incident Commander, you shouldn’t touch a terminal or search for a graph or kick off a deploy unless you’re absolutely the only person available to do it. This may feel uncomfortable, especially if your background is in engineering. It will probably feel like you’re not doing enough to help. What you need to remember is this: whatever your usual job, when you’re the Incident Commander, your job is to be the Incident Commander.
Managing information flow is the single most important responsibility of the Incident Commander.
Sometimes the most effective thing you can do is coordinate the experts.