Testing Your Cybersecurity Incident Response Plan
Regarding the real world application of skills undoubtedly the most famous of all samurai Miyamoto Musashi states in The Book of Five Rings that "You can only fight the way you practice." As security professionals when performing assessments and audits we request and review a client's Security Incident Response Plan, if there is one. Just this week the Ponemon Institute released " The Third Annual Study on The Cyber Resilient Organization " indicating that 77% of organizations lack a proper incident response plan. I suspect that of those organizations with a plan few have actually tested and put it to practice. Different incidents require different responses, this can result in plans that vary significantly from those addressing minimal incidents to plans that become bloated attempting to tackle all possible scenarios. Incident response must be approached strategically with the goal of improving the organizations overall ability to operate even whi