It’s one thing to talk or even plan about “What happens if we are breached?” It’s quite another to undertake a true breach exercise. What are the critical elements of such a drill? Author Regina Phelps shares advice from her new book.

The book, “Cyber Breach: What if your defenses fail? Designing an exercise to map a ready strategy,” has just been published by Chandi Media. Phelps, a longtime emergency management and response expert and educator, says such breach exercises give organizations the necessary chance to test and refine their response plans.

“You can see what works, what doesn’t and you can dramatically advance the thinking of everyone from executives down to the affected departments,” Phelps says in an interview with Information Security Media Group. “I have never seen an exercise yield such incredible results, deeper understanding and thinking about possible solutions and issues as a well-crafted cyber breach exercise.”

“Impact” is the key theme of Phelps’ book and her cyber breach exercises. “What we’re looking at is the management of an event,” she says. “What do you do, for example, in your company right now if you have no systems for days or weeks or, God forbid, months? When you open up any plan from a company, there is nothing that addresses that. They assume always that systems will be up in a reasonable amount of time.”

And so the premise Phelps builds upon is: What if you lost your systems for a protracted period of time? How would you do your business, and how would you manage the reputational damage?

In this interview about her new book (see audio player link below), Phelps discusses:

  • Her experience with clients who have been breached;
  • The importance of meaningful breach exercises;
  • Eight must-haves to ensure a successful exercise.

To listen to the interview, click on the link: http://www.bankinfosecurity.com/interviews/cyber-breach-what-if-your-defenses-fail-i-3172