Cybersecurity Series

CIR TE Test Design

Regardless of the comprehensiveness of the developed CIR plan, the situation during a cyber security attack is very chaotic, and human error becomes a key concern.

Keeping cool as a cucumber and relying on documented procedures can guide organisations to respond effectively to cyber security attacks.

This article discusses how conducting rigorous, regular tests and exercises on developed preventive and response strategies increases the organisation’s confidence during cyber security attacks.

Reference: Chapter 9 Testing and Exercising 9.4 Test Design

Moh Heng Goh


CIR Testing and Exercising

Test Design

Designing a test is not as simple as it may sound. Various factors are involved in designing a test that can evaluate the effectiveness of the response plan and not bore the testees.

1. Principles

The approach to testing is governed (Goh, 2006) by these principles:

  • Resources identified for prevention and response to cyber security incidents should be made available during testing;
  • Designers of the plan should not be involved in the testing because their judgement may be biased;
  • Importance of achieving a successful outcome increases in direct proportion to the scope of the test;
  • All relevant parties, including support teams, have to be involved in the test;
  • Established Service Level Agreements (SLA) are met; and
  • The test should be realistic, exciting and practical without consuming too much time and resources.

2. Constraints

The following are some constraints (Goh, 2006) that organisations have when designing a test:

  • Conducting tests should not impede business operations;
  • Not all of the components of the plan can be tested simultaneously;
  • Business operations with a higher priority may take precedence over the test;
  • Uninteresting or repetitive testing may undermine the enthusiasm of testees; and
  • Cultural differences between headquarters and outside offices have to be taken into consideration.

3. Extent

As the organisation progresses (Goh, 2006) from plan design to plan maintenance, the components required to be tested increase.

During plan design, the majority of the components of the plan have not been finalised and documented. Therefore, although the strategies to mitigate or respond to cyber security incidents have been developed and approved, it is not advisable to test them as the relevant parties still have not received the plan.

Once the plan has been documented and distributed to the respective parties, only a few components are tested, because the participants lack the knowledge and skills to perform all the documented procedures immediately.

Hence, the test will start slow and easy, allowing participants to adapt to the simulated situation. As the number of tests increases, the participants become more accustomed to the stress levels and more capable of performing the documented procedures.

Once the desired outcomes are achieved, the organisation will increase the number of tested components, raising the test's difficulty and complexity. Ultimately, the majority of the components will be included in the test.


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.


Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.

 

 
