We’re going to take a short break in publishing excerpts from Volume 1 of the CISO Desk Reference Guide to bring you an excerpt from the newest addition to our catalog, Cyber Crisis Response: Leveraging the SONAR Method™ to Accelerate Response and Recovery, by Andrew Gorecki and Chris Scott.
Practice, Practice, Practice
How do you get to Carnegie Hall? Practice, practice, practice! Having a well-drafted Crisis Response Plan collecting dust on a shelf waiting for a crisis is not enough. Effective crisis response requires regular practice so the Crisis Response Team can build muscle memory, and their responses become automatic. Furthermore, we have observed that crisis responders who regularly undergo crisis response training better control stress and remain rational during significant events.
One key point we want to emphasize at the outset of this book is that a crisis is a fluid and dynamic state of affairs. Preparation and practice are key! You cannot script a response for every situation. No amount of reading and scripting can replace practice and experience.
You practice crisis response through regular and realistic exercises. Practicing crisis response is like an inoculation. It exposes you to a significant event, helping you build immunity without experiencing an actual catastrophic event. Crisis exercises are simulations exposing your Crisis Response Team to probable scenarios in a safe, controlled, and often informal environment.
At one end of the spectrum, discussion-based tabletop exercises allow participants to walk through the Crisis Response Plan and discuss how they would respond in their functional areas. At the other end of the spectrum are highly immersive scenarios with audio-visual elements and gamification techniques that resemble more realistic scenarios. Those exercises are often delivered in specially designed cyber ranges.
Regardless of which options you choose, there are several benefits to conducting regular exercises, including:
- Building muscle memory and emotional resiliency
- Familiarizing participants with their roles and responsibilities
- Identifying opportunities for improvement in the process
- Increased collaborationand appreciation of everyone’s roles in the process
Moreover, an effective scenario should cover all the Crisis Response Plan components and the SONAR framework. We recommend conducting an exercise at least once a year.