When it comes to “cyber response plans,” the planning stage is a lot more useful if it’s actually been tested. A blog from The D&O Diary discussing the recently issued SEC OCIE Cybersecurity and Resiliency Observations says if you’re not practicing what to do when you experience a cyber attack, you’re not being realistic about your chances of effectively responding to it.
Although the SEC OCIE observations are primarily directed toward broker-dealers and investment advisors, the recommendations seem worthwhile for any company, one being testing and monitoring:
Establishing comprehensive testing and monitoring to validate the effectiveness of cybersecurity policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
It also recommends testing the incident response plan and potential recovery times, using a variety of methods including tabletop exercises. If an incident occurs, implement the plan and assess the response after the incident to determine whether any changes are necessary.
A recent blog from McGuireWoods is helpful because it summarizes how to run an effective tabletop exercise to test your response plan. Here are a few of its recommendations:
– Objectives – set ground rules for the exercise (who speaks first, whether there is a budget for the response, the level of detail to be provided) and determine the focus of the exercise: detection, containment, etc.
– Evaluation – think about how to evaluate the exercise, identify a note-taker for the exercise, and spell out the evaluation process
– Full participation – ensure key participants coordinate their responses, ensure contractual partners are included, and determine who has authority to resolve disagreements
– An experienced facilitator – bringing in an experienced facilitator can help ensure all areas have a voice and that the exercise stays on track so the result is measurable
– Lynn Jokela, TheCorporateCounsel.net, February 18, 2020