Unravel the intricacies of the OODA loop, a decision-making process that's as intriguing as it is effective. Discover its origins, its applications, and how it can be harnessed to enhance your strategic thinking and problem-solving skills.
Verizon
Verizon is a global telecommunications giant with a massive presence in the U.S.
- The Verizon Network Threat Advanced Analytics platform detects cybersecurity risks before they can affect the customer’s business
- Rapid response retainer customers can negotiate service contracts with on-site incident mitigation SLAs as low as 24 hours
- Other services include preemptive intelligence visibility, monthly intelligence briefings, customizable cybersecurity reports and endpoint management and threat detection services
DXC Technology
The U.S.-based company maintains a global network of SOCs and offers a variety of managed services to help customers protect their data, applications, infrastructure, and endpoints
Trustwave
Offers on-site incident response support globally
- Partners with telecommunication and service providers in strategic locations to provide more localized support
- Uses the Trustwave Fusion platform to provide U.S. government agencies and suppliers with threat detection and response services that meet stringent U.S. federal government security requirements
7 best practices for Web3 security risk mitigation
Incident response plans are the first line of defense when it comes to dealing with an unplanned and potentially disruptive event that affects the security and integrity of an organization’s IT infrastructure.
- Without an incident response plan in place, an organization’s response to an incident — especially a cyber attack — could be haphazard and disastrous.
Related Terms
A business goal is an endpoint, accomplishment, or target an organization wants to achieve
The OODA Loop: The Four Steps
Observe: The first step is to identify the problem or threat and gain an overall understanding of the internal and external environment
- Orient: Reflect on what has been found during observations and consider what should be done next
- Decide: The decision phase makes suggestions towards an action or response plan, taking into consideration all of the potential outcomes
- Act: The action pertains to carrying out the decision and related changes that need to be made in response to the decision
Symantec
Offers incident response retainers and security readiness services that include global on-site SLAs as low as 24 hours
- Other benefits include emerging threat reports, a dedicated service manager, and the ability for customers to use the Symantec DeepSight security analytics platform
Success of the OODA Loop
Make it as short as possible, minimizing reaction times in high-stakes situations
- Hick’s Law: when there are multiple options available in response to a stimulus, reaction time is slowed down
- Tempo: ability to make decisions faster than an opponent and generate unpredictability
Advantages of the OODA Loop
Enables quicker, more streamlined decision processes
OODA loop related terminology
Maneuver warfare: This is a strategy used in the military that emphasizes disrupting the enemy’s decision-making skills in order to defeat them
- Mental models: These are representations or explanations of human behavior that exist on a personal, internal level
- Situational awareness: The comprehension of all environmental stimuli
- Reaction time: This refers to the time that elapses between a stimulus and the response given to that stimulus
Nippon Telegraph and Telephone (NTT)
A Tokyo-based company, NTT is a global telecommunications and technology integrator.
The OODA loop (Observe, Orient, Decide, Act)
A four-step approach to decision-making that focuses on filtering available information, putting it in context, and quickly making the most appropriate decision while also understanding that changes can be made as more data becomes available
- Useful in scenarios where competition is involved and where the ability to react to changing circumstances faster than an opponent leads to an advantage
- Many modern environments can be described as volatile, uncertain, complex, and ambiguous, or VUCA. Surviving and winning in this type of situation rests upon making better decisions
Increased use of third-party incident response
Incident response vendors offer services such as post-breach investigations, ransomware removal and proactive breach response plans
- With an active retainer for incident response services, service-level agreements (SLAs) include specific emergency response times
- These services give the customer’s enterprise security team access to highly skilled professionals
BAE Systems
The U.K.-based company offers preemptive threat prevention services, including custom threat intelligence tools, penetration testing and attack preparation tools.
- If an attack or breach does occur, BAE deploys its experts to the customer’s location. The company provides advanced incident response technical support and can assist with the management of PR.
History of the OODA Loop
John Boyd developed the energy maneuverability theory, which he applied to the combat operations process, often at the operational level, during military campaigns.
- Since the military is highly classified, much of Boyd’s original idea was left unpublished, leading to the development of the concept in other fields such as business and sports.
Examples of the OODA Loop
In everyday life: someone may observe they are hungry, orient themselves in relation to potential places to buy food, decide to pick a specific restaurant and act by eating
- Business: when a competitor releases a new product, the loop can help decide how the company will react or adapt
- Incident response: can be used to assess the situation, respond appropriately and refine practices to prepare for future catastrophes
Criticism of the OODA Loop
It might be too obvious, wasting time
- The underlying goal of making decisions faster than the opponent to increase the odds of winning should be a universal goal regardless of which decision-making method is employed
- However, it can be helpful for organizations that need to reflect on the results that their decisions have led them to
Secureworks
Offers a wide range of security incident response services
IBM
Developed an IT security and incident response division that’s managed out of five global 24/7 SOCs
- IBM X-Force
- Uses its QRadar SIEM to monitor all customer threats
- Provides endpoint management services and advanced security analytics
- Offers customers various security consulting services
Alternatives to the OODA Loop
Military decision making process (MDMP)
- SWOT analysis: strengths, weaknesses, opportunities and threats
- Strengths: What internal attributes and resources an organization has that would support a positive outcome
- Weaknesses
- Differences
- Opportunities
- Threats: External factors that could jeopardize an organization’s positive outcome
Disadvantages of the OODA Loop
Difficult to understand or interpret
- Puts organizations at a higher risk of encountering threats associated with making a decision too soon
- Can make it harder to “undo” a mistake
- Gives teams a false sense of credibility
- Does not incorporate the inherent added response times associated with team cooperation
- The opponent may also be employing the loop
The OODA Loop
The future of incident response will be in real-time OODA feedback loops
Considerations when choosing an incident response vendor
Determine the specific incident response requirements of your organization
- Research the market for incident response service providers
- Prepare a request for proposal or request for quotation
- Install and test the system
- Set up maintenance, performance review and testing schedules
Factors that affect the OODA Loop
The amount of time it takes to execute a response
- Denial that an event has occurred
- Complexity of stimulus
- Emotional stress at onset
- Level of trust within team to rely on each other’s decisions
- Intuitive skill
- Clearly, or unclearly, defined business goals
Uses of the OODA Loop
Military planning models are often applied to uses outside of their original context due to their effectiveness in extreme situations.
- In business, it is used to examine what is happening externally and how results are performing in order to become more agile
- Due to the growth of data analytics, the loop is a popular method for handling an influx of constantly emerging information