How to Prepare for a Cyber Crisis Drill
By Dan Lohrmann and Bikash Barai

Preparing for cyber crises is essential for both government agencies and private enterprises. However, orchestrating effective tabletop exercises requires careful planning and involvement of key stakeholders. In this discussion, we delve into the high-level structured framework for conducting cyber crisis drills, emphasizing the importance of executive participation and tailoring scenarios to specific organizational functions.


Here is the verbatim discussion:

How long should it be? What should be the structure? What are some best practices? What are some do's and don'ts? So building a kind of high-level structured framework for conducting a cyber crisis drill for an enterprise, how would you approach that?

Great question. Yeah. So I've been a part of many of those, both within government and now in the private sector, working with us, with InfraGard, with federal agencies, with US state agencies and others. So, first of all, obviously, there are different types of tabletops. I'm going to talk about one that really, for example, in Michigan, would be a whole-of-government approach, which really needs to involve the top executive. So whether it's government, or whether it's the private sector, like you said, it's a large enterprise. You need to really have the decision makers, the board members and/or the top, if you're big, decision makers need to be there because they need to really understand, you know, what happens when you have a ransomware attack, what happens when you're hacked or you have a data breach? What are the steps you need to go through? So the first thing I would say is around that table at a high level, you need to have the business executives included. So you need to have elements of legal, you need to have elements of financial, you know, your CFO, you need to have obviously in government we have police, you know, the people who are enforcers, the security team, the people that are actually going to be implementing this from a technology perspective. So CIOs, chief information officers, also, you know, different types of experts in business areas. So whatever, you know, who knows which area might be hit? Last year the biggest area in the US was hospitals. So if this was a hospital tabletop, you know, the scenarios for doctors might be slightly different than it might be for a government, or if it's for a bank, it could be different. You know, what are the different functions?


Highlights:

Inclusive Participation: Cyber crisis drills should involve a diverse group of stakeholders, including top executives, board members, legal advisors, financial experts, and IT professionals. This ensures a holistic understanding of the potential impacts and necessary response strategies.

Tailored Scenarios: The scenarios presented during tabletop exercises should be tailored to the unique functions and vulnerabilities of the organization. Whether it's a government agency, a hospital, or a bank, each entity faces distinct cyber threats that require targeted preparation and response plans.

Learning from Past Incidents: Drawing insights from past cyber incidents can inform the development of realistic scenarios and response strategies. By analyzing previous breaches and their consequences, organizations can better anticipate future threats and mitigate risks effectively.

Best Practices: Incorporating best practices into cyber crisis drills enhances their effectiveness. This includes clear communication protocols, designated decision-makers, and regular updates to response plans based on evolving threats and technologies.

The success of cyber crisis drills hinges on comprehensive planning and active participation from key stakeholders. By engaging executives and experts from various domains, organizations can develop robust response strategies tailored to their specific needs. Through realistic scenarios and continuous refinement of response plans, entities can strengthen their resilience against cyber threats, safeguarding their operations and reputation in an increasingly digital world.


Speakers:

Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.


https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in the USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx, etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.


https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/
