Hacker Phishing Computer

In our new book on designing a Cyber Breach exercise, we peel back one of the most important aspects of the design. This article is an except from the new book, Cyber Breach: What if your defenses fail? Designing an exercise to map a ready strategy.

Exercising a cyber-breach scenario forces real-time decision-making and actions and turns the possible into the reality. Creating an exercise with a cyber-incident scenario is infinitely more complicated than creating one with a “normal” emergency scenario, and requires special care in design. And you need two Design Teams because you need two very distinct and different sets of skills.

First, you need a Technology Design Team that is very technical, detailed, and deeply in the weeds of the scenario. You should spend a lot of time picking the right narrative and then dissecting it. The Technology Design Team’s main focus should be to identify all the different affected systems and their interdependencies and connection points.

You will also still need a Business Unit Design Team, but the Technology Design Team needs to do their work first, because you can’t create the overall exercise injects until you know the technology issues and failures. Think of it like a Christmas tree – the technology issues, failures, and problems are the trunk and branches; they provide the solid foundation for the story. The business unit injects are the reaction to those issues – like ornaments hanging on the tree. You can’t hang the ornaments without the trunk and branches, and you can’t design the business unit injects until you know the IT failures.

To download this article, click on this link: https://ems-solutionsinc.com/resources/articles/

Cyber Breach: What if your defenses fail? Designing an exercise to map a ready strategy focuses on Advanced Tabletop, Functional, and Full-scale exercises, and covers everything from broad strategies to minute-to-minute decision-making. It also provides very specific, step-by-step instructions – starting from the earliest planning to after-action reports. Find it on Amazon at http://tinyurl.com/j6skbh8

Regina Phelps is an internationally recognized expert in the field of crisis management and contingency planning. She is the founder of Emergency Management & Safety Solutions (EMSS) founded in 1982. Services include crisis management team development, pandemic planning, exercise design and facilitation, and business continuity plan development and audits. Regina@ems-solutionsinc.com and ems-solutionsinc.com