Effective responses to cybersecurity incidents rely in large part upon three key elements: personnel, planning and practice. An organization’s incident response team must include capable personnel with the appropriate authority to act, requisite expertise and adequate training. An organization also needs a written plan customized to meet its business, industry and regulatory environment, among other things.
But the right people and a well-written plan are not enough. An organization’s incident response team and other key stakeholders must practice responding to incidents. Although practice does not make perfect, it usually enables people to perform better when called upon.
The National Institute of Standards and Technology (NIST) recommends that organizations not only develop incident response plans, but also maintain them in a “state of readiness” and engage in exercises to “validate their content.” The potential vehicles for such tests can take many forms, but one of the most common and easy to implement is a “tabletop exercise.”