While conducting tabletop exercises for cyber crisis preparedness is crucial, the ultimate goal is to translate preparedness into tangible readiness. In this discussion, we explore strategies for ensuring that cyber crisis drills yield actionable outcomes, focusing on the creation of response templates and fostering real readiness beyond mental preparedness.
Here is the verbatim discussion:
Any thoughts on how to make it very effective so that some real stuff come out of it. So our goal had been not just to kind of be mentally prepared, but also to create those responses and to create those templates so that out of that exercise we have some real readiness apart from the kind of preparedness, from the kind of thinking perspective, et cetera. But get all these things written down. So what's your thought on that in terms of doing it as a single exercise or breaking it down? Yeah, most of the times I've seen it done again, most of my, I have been a part of a couple in the private sector. I've been part of more in government and statewide. Like, you know, what If we had a health emergency? You know, we actually, quite frankly, did a bunch of exercises around pandemic prior to COVID, you know, and being prepared. And obviously there's all kinds of people that need to be involved in that. Even now there's scenario based things about what's going to happen with vaccines and all kinds of things related that aren't specifically cyber relatect you know.
Highlights:
Creating Tangible Responses: The primary objective of cyber crisis drills is not merely to simulate scenarios but to generate concrete responses and templates for future use. By documenting the decisions, actions, and lessons learned during the exercise, organizations can establish a repository of best practices and response protocols.
Comprehensive Approach: Effectiveness is maximized when cyber crisis drills encompass a holistic view of potential threats and responses. This involves not only addressing technical aspects but also considering legal, financial, and operational implications. By involving a diverse range of stakeholders, organizations can ensure comprehensive preparedness.
Continuous Improvement: Cyber threats evolve rapidly, necessitating continuous refinement of response strategies. Organizations should view cyber crisis drills as iterative processes, regularly revisiting and updating response plans based on emerging threats and lessons learned from past exercises. This adaptive approach enhances readiness in the face of evolving cyber risks.
Scenario Diversity: While cyber threats are a primary focus, drills should also incorporate scenarios that extend beyond the digital realm. Exercises addressing health emergencies, such as pandemics, demonstrate the versatility of preparedness efforts. By exploring diverse scenarios, organizations can enhance their overall resilience and readiness.
The effectiveness of cyber crisis drills lies in their ability to translate preparedness into actionable outcomes and real readiness. By documenting responses, adopting a comprehensive approach, and embracing continuous improvement, organizations can extract maximum value from these exercises. Furthermore, incorporating diverse scenarios ensures readiness for a wide range of potential threats, strengthening overall resilience in an increasingly complex threat landscape.
Speakers:
Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.
https://www.linkedin.com/in/danlohrmann/
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.
Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
https://twitter.com/bikashbarai1
https://www.linkedin.com/in/bikashbarai/
.png)
Comments