Infosec Training Best Practices: Where Do Cyber Exercises Fit In?
As we draw closer to the end of the year, cyber security best practices and strategies are being revisited to assess incident response effectiveness. One practice that remains essential for testing incident response plans is the cyber security exercise. Whether companies run table top (discussion-based) exercises, more functional operational exercises, or a combination of both, practicing these scenarios enhances infosec training and tests incident response preparedness.
- Differences between table top and operational exercises
- Exercise approaches that are best suited for infosec training
- How often companies should conduct exercises overall
- Effective exercises to prepare for insider threats
- Cost-effective exercises for SMBs to practice
You can watch their video Q&A and read their complete responses here.
Exercises Test Your People in More Ways Than One
Ewing-Ottmers and Evans also outlined the organizational and administrative benefits of cyber security exercises across an organization during their presentation, “Improving Incident Response Plans with Advanced Exercises,” at ISSA 2016.
For instance, cyber security tabletop exercises can help verify proper taxonomy so IR teams use the right legal terms as live incidents take place. Exercises can be used to identify roles within the team and ensure that everyone is on the same page. These drills are also valuable for testing whether a current incident response plan needs to be updated.
“If you’re looking to refresh the organization’s incident response plan, going through an exercise is a great way to determine stuff that’s not working anymore,” Ewing-Ottmers explained.
Moreover, even if you are a small business, cyber exercises can be tailored to meet individual organizational needs. And you don’t have to be a larger organization to see the benefits.
As Evans described, “The nice thing about cyber exercises is that they can scale. For small to midsize businesses, it’s great to start with a simple discussion – a simple discussion is a way for small companies to begin getting involved with cyber exercises without feeling overwhelmed.”
Here’s a recap of highlights from their presentation and other panels from the conference.