Cyber Training, Incident Management and Exercises
Cyber Incident Management
“You are going to be hacked: Have a plan,” said Josef Demarest, of the FBI. "You should also test and exercise that plan".
The hack of Talk Talk, Yahoo and Target and their repose has again highlighted the need to companies both large and small to be prepared for managing the external response to a hack of their systems. PlanB Consulting has developed a series of exercises and scenarios which can be used by senior managers to explore and practice their response to a cyber attack.
PlanB Consulting take the following into account when planning a cyber exercise.
In planning the scenario, we will plan it to be different to the standard Business Continuity or Crisis Management scenarios, the exercise will involve strategic response, be challenging and have media interest. The scenario will be credible and tie-in with current real incidents. Our exercise will involve the following.
- Strategic decision such as:
- When to tell stakeholders and customers there has been a possible breach. Different countries and USA states have different statutory reporting requirements and so the team will have to take this into account.
- Whether to turn off systems if you suspect they have been compromised.
- Involvement of law enforcement.
- When to engage with the media.
- How to respond to any ransom demands.
- Communications with a wide variety of stakeholders.
- Managing the response to the media.
- Managing stakeholders across a number of time zones if applicable.
- Notification of various bodies governing data protection in countries you have operations in.
- Putting out guidance to stakeholders if personal data has been lost.
- Managing speculation and rumour.
- Managing the interface between those responding technically and those managing the incident and communications.
- Liaison with law enforcement and managing the forensic elements of the breach.
PlanB Consulting have carried out a wide range of cyber exercises and our clients have varied from Scottish Government departments to Financial Service Institutions.
These scenarios were developed in keeping with the risks outlined in ‘UK Cyber Security – The role of insurance in managing and mitigating the risk’ March 2015 report published by HM Government, and the recommendations in ‘Computer Security Incident Handling Guide – Recommendations of the National Institute of Standards and Technology’ revision 2 August 2012 published by the National Institute of Standards and Technology.
Read our blog post on Ten Lessons from a Cyber Attack Response Exercise
Cyber Incident Management and Response Training
PlanB Consulting carried out its first Cyber Incident Management and Response Training course, in May 2017. The audience was the Business Continuty Coordinators of a Local Authority. The course covered the following subjects:
- Cyber Incident landscape and threats
- Preparing your organisation
- Personal internet security
The course was based on materials developed for the "Managing and Preparing for Cyber Incidents" course develped for sister company Business Continutiy Training. Details of their course can be found here https://www.b-c-training.com/courses/managing-and-preparing-for-cyber-incidents
Stuart Wadley Ports and Harbours - Rated Course: "Excellent" Comment: "Excellent Delivery, engaging and thought provoking"
Denise Bell HR - Rated Course: "Very good" Comment: "Liked the practical no-nonsense approach"