Responding to a cybersecurity incident and/or data breach is harrowing. Your organization’s incident response plan should be tested regularly, and tested for a variety of real-world issues. At Fathom Cyber, we help your organization construct scenarios that stress-test your incident response plan.
Incident Responses as Part of Awareness Training
Mock incident responses are useful as part of security awareness training. They help find places where existing plans need improvement, and identify data and other artifacts that are not being collected. Most importantly, they are a good way to get the senior management, including the Officers and Directors, to begin discussing cybersecurity and data privacy, and to better understand why they need to be not only informed, but involved.
Incident Responses as Part of Continuous Improvements
Organizations change. Unfortunately, incident response plans don’t always keep pace with those changes. Quarterly or semi-annual incident response testing helps make sure that the incident response plans are properly maintained, and that they still reflect the organization’s priorities and business policies.
Business-Sensitive Mock Incident Response Sessions
Many organizations run their mock incident response sessions with all possible participants in the session. This means that people from different roles within the organization are interacting with each other, in many cases for the first time. While this does simulate a real-world incident, it can be intimidating or embarrassing for different participants. At Fathom Cyber, we recommend initially conducting a few separate incident response sessions (e.g., at the board, executive, security team, and technology team levels) before bringing a larger team together. This allows the participants to better understand their roles, to refine the incident response plan, and for a smoother incident response.