I have all my processes in place, why should my organisation need to do anything else?
Having a defined process is great. However, if you don’t regularly exercise it, how do you know that it works and that all stakeholders are aware of what to do? Do you have new staff? Has the threat landscape changed? Are the steps still relevant? Don’t wait for a real cyber security incident to test your organisation’s preparedness. Finding flaws in your response plan during a live situation could result in a greater incident impact – financial, operational and reputational.
A tailored approach
We recommend that our clients test their incident response plans regularly through simulated scenarios known as table top exercises. Our approach is to identify your critical business systems and run these exercises based on attack scenarios that are specific to your organisation. This is to simulate “true to real life” situations, responses and reactions.
Our table top exercises are discussion-based exercises where key stakeholders meet in a classroom setting or in breakout groups to discuss their roles and responses during a particular emergency situation.
A facilitator presents a scenario tuned to your environment and asks the exercise participants questions related to the attack scenario. This initiates a discussion among the participants about roles, responsibilities, coordination and decision-making. A table top exercise is discussion-based only and does not involve deploying equipment or other resources. The resulting report on the identified process gaps can be used as a priority action plan for remediation and improved resilience.
In the current threat landscape, cyber attacks are inevitable. Preparation is key to survive a cyber attack. Having a current, fully-tested and well-practiced response can mean the difference between a predictable, planned outcome or a state of disorganised panic.
To discuss your cyber security and data protection plans with one of our security experts, please contact email@example.com or visit cgi.com/au/cyber-security-australia.