This scenario has been designed to engage the entire cyber security incident response (IR) team and evolve the IR plan and capabilities as quickly as possible. It includes technical, managerial, financial, regulatory, legal, and public relation challenges.
Take a look at your current IR plan and see if it stands up to this test. An organisation that does not have a cyber security IR plan, or a program, must act as if it has already been breached. If you do not have an IR plan get one; NIST SP 800-61 r2 is a good start. Continue reading “Cyber Security Incident Scenario”