About Crisis
For information about crises as a field of study in international relations, see crisis management and international crisis. In this context, a crisis can be loosely defined as a situation where there is a perception of threat, heightened anxiety, expectation of possible violence and the belief that any actions will have far-reaching consequences (Lebow, 7-10).
In InfoSec Crisis is the present tense of a disaster. An uncontrolled disaster or a combination of mismanaged disasters could lead to a crisis. The magnitude of crisis could be bigger than a disaster in terms of loss expectancy. A crisis usually happens because of accumulated unattended/unresolved disasters/issue(s). It is always the goal of InfoSec to contain the disaster and never give it a chance to become a crisis. When a disaster becomes a crisis it usually out of control in some form or proportion. Every Crisis is a disaster, on the same token a Disaster need not be a crisis, because it could be controlled way before it becomes crisis.