Unlocking the Power of SBAR

Effective communication is the backbone of any successful team, especially in high-stakes fields like IT and Information Security (InfoSec). One powerful tool that can enhance communication is the SBAR framework. Originally developed for healthcare, SBAR (Situation, Background, Assessment, Recommendation) has proven to be a versatile communication model that can be adapted to various industries, including IT and InfoSec.

A Brief History of SBAR

Who came up with this concept?

SBAR was first developed by the military for use in nuclear submarines and later adopted by the aviation industry. It gained prominence in healthcare when it was introduced to rapid response teams at Kaiser Permanente in Colorado in 2002 to improve patient safety.

How do I use it?

The structured format of SBAR allows for clear, concise, and organized communication, which is crucial in any environment.

Situation:

This section explains the “why” behind your communication to the intended audience. It is generally brief.

This is what is happening now, at this moment.

In general business communication, it can be substituted with “Summary” (as in Executive Summary).

Background:

This section should include any relevant history. Anything that the audience may need to know to make an informed decision. Knowing your audience here is highly relevant, especially in an IT or InfoSec setting where leadership may not be intimately familiar with tools or configurations.

Assessment:

This section is reserved for objective facts and findings. In healthcare, it’s the patient assessment. In IT and InfoSec, it’s log data, timelines, screenshots, memory dumps, and lists of actions taken (not limited to just these…it can be anything really).

It’s important to write this section in a way that’s as non-biased, or objectively, as you can make it, not providing your opinion or recommendations.

Recommendation:

Finally, this is where your expertise and experience can shine. Based on the assessment findings, this is your recommendation of next steps. It can be broken down into sub-sections like “immediate actions” and “long-term” actions, or however you see fit based on the situation.

Generally, I like to include a clause at the end that allows the audience to make suggestions and recommendations of their own if they don’t agree with the one presented. It presents an opportunity to learn from leaders if they go down a totally different path.

Applying SBAR in IT and InfoSec

While SBAR is widely used in healthcare, its principles can be effectively applied to IT and InfoSec to streamline communication and decision-making processes. Here are some examples of how SBAR can be utilized in these fields:

Incident Response:

Situation: Describe the current issue, such as a security breach or system outage.

Background: Provide context, including relevant system configurations, recent changes, and potential vulnerabilities.

Assessment: Analyze the impact of the issue, identifying affected systems and data.

Recommendation: Suggest immediate actions to mitigate the problem and long-term solutions to prevent recurrence.

Project Management:

Situation: Outline the current status of a project, including milestones and deadlines.

Background: Detail the project's history, objectives, and any challenges encountered.

Assessment: Evaluate the project's progress, identifying risks and areas needing attention.

Recommendation: Propose adjustments to the project plan, resource allocation, or timelines.

Vulnerability Management (hypothetical example):

Situation: A critical vulnerability has been detected on a group of primary servers.

Background: These servers are key components of sensitive business functions. This vulnerability was discovered during a scheduled scan on date/time.

Assessment: This vulnerability was discovered on 1/1/25 and could allow unauthorized administrative privilege to these servers, posing a significant risk to data integrity and business operations. Likelihood is X, Difficulty is Y, Threat actors are Z, and mitigations include A, B, C.

Recommendation: Immediate action is to apply a temporary network change to block remote sessions to these machines. Long-term action is to apply the patch when it’s available from the manufacturer (after appropriate testing).

More Reasons to Use SBAR in IT and InfoSec

Implementing SBAR in IT and InfoSec offers several benefits that not only help make you sound more credible, but also dramatically impact the actionability of your written communication.

Leaders do not want to have to read a wall of text.

They, like all of us, suffer from TLDR syndrome (too long didn’t read). Not because they don’t care, but because they are subconsciously wanting to reserve brain power for bigger or more pressing issues.

Communication tactics, like SBAR, provide the opportunity for you to provide more value.

Clarity and Precision: Ensures that relevant information is communicated clearly and concisely, reducing misunderstandings and errors.

Efficiency: Structured formats help teams quickly grasp the situation and make informed decisions, saving valuable time during critical incidents.

Consistency: Provides a standardized approach to communication, ensuring that all team members are on the same page and can easily follow the conversation.

Empowerment: Team members can confidently present their assessments and recommendations, fostering a culture of proactive problem-solving.

Conclusion

Adopting SBAR communication in IT and InfoSec can significantly enhance team collaboration and decision-making. By providing a clear, structured framework for conveying information, SBAR helps ensure that critical details are not overlooked. Everyone involved can contribute more effectively to resolving issues and achieving project goals.

Embrace SBAR and unlock the potential for more efficient and effective communication in your IT and InfoSec teams.

Elevate the Cybersecurity Skills of Your Staff with our Security Mentor Service!

Need security but don’t have a budget for dedicated staff?

Our Security Mentor Service offers personalized guidance, expert insights, and individualized sessions to build your security internally. Reducing risk and saving money on contractors and managed services by empowering you or your existing employees.

Start today and unlock your full potential, boost your career, and provide value to your business!