CIR TE Overview of Testing and Exercising

Regardless of the comprehensiveness of the developed CIR plan, the situation during a cyber security attack is very chaotic, and human error becomes a key concern.

Keeping cool as a cucumber and relying on documented procedures can guide organisations to respond effectively to cyber security attacks.

This article discusses how conducting rigorous, regular tests and exercises on developed preventive and response strategies increases the organisation’s confidence during cyber security attacks.

Reference: Chapter 9 Testing and Exercising 9.1 Introduction to 9.3 Scope Plan

Moh Heng Goh

CIR Testing and Exercising

Overview

1. Introduction

Regardless of the comprehensiveness of the developed CIR plan, the situation during a cyber security attack is very chaotic, and human error becomes a key concern. Keeping cool as a cucumber and relying on documented procedures can guide organisations to respond effectively to cyber security attacks. Conducting rigorous and regular tests and exercises on developed preventive and response strategies increases the organisation’s confidence during cyber security attacks.

2. Objectives

By conducting tests and exercises regularly, the effectiveness (Goh, 2006) of the CIR plan is evaluated. The implemented security controls and execution of response measures are judged. If they are not satisfactory to the organisation in ensuring effective management of cyber security attacks, then adjustments and improvements must be made.

After the changes have been made, the organisation has to ensure that all relevant parties are aware of the update. At the same time, the plan’s viability is evaluated to see if the established recovery objectives can be met. If the procedures documented and the established recovery objectives are unrealistic, the management of cyber security incidents will be inefficient or impossible.

By carrying out tests and exercises, the organisation is putting itself into the mindset of a cybercriminal. Cybercriminals have multiple attack vectors through which to deploy their specially designed techniques. By simulating cyber security attacks, the organisation can identify and understand how cybercriminals approach and perform their craft, and take appropriate actions to improve.

The organisation can prepare itself for multiple scenarios of cyber security attacks through tests and exercises, increasing its ability to manage an actual cyber security incident.

Practice makes perfect. Take sports as an example: leaving professional play aside, anybody can pick a sport and play it. However, to be considered skilled in the sport, a person has to spend time and effort training regularly. Over time, the person’s skill gradually increases.

A similar concept applies to conducting tests and exercises. Conducting them repeatedly increases the employees’ ability to manage cyber security incidents, as they know the thought processes and procedures to follow depending on the situation. However, repetitive tests and exercises will make employees lose interest because they find them boring. Hence, tests should be designed to be interesting and should not feel repetitive to the employees.

3. Scope

The scope of testing and exercising (Goh, 2006) the CIR plan is dependent on the following:

  • Component of response plan to be tested: recovery strategies, established recovery objectives and acceptable downtime;
  • Internal and external parties involved; and
  • Availability of necessary resources

The organisation’s ability to mitigate or respond to cyber security incidents relies on the scope; if the test or exercise is unsuccessful, changes must be made to ensure that the organisation can handle cyber security incidents.

Although the nature of each test or exercise is unique, there are several components that all organisations look out for:

  • Confirm that the RTO is acceptable to justify the ability to restore business operations to an acceptable level of operational capability during a cyber security attack;
  • Verify that the developed strategies are adequate; and
  • Evaluate the performance and coordination of involved parties


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Note: This version was the draft 2nd Edition being updated in 2023. The numbers in square brackets [X-X] cross-refer to the actual chapter and section in the 1st Edition.

 

 
