Home > Federal > ESS > Incident Response Test Training and Exercise

Enterpise Security Services

Incident Response Test Training and Exercise

Read on to discover why, how, and how often you should test your organization’s resiliency and response plans.


In order to test the current security program, SecureState simulates an attacker attempting to gain remote or local access to the business networks, and exploits weaknesses to obtain as much access to sensitive information as possible. These assessments ascertain if an attacker focused their efforts on the business networks, the level of exposure, and/or unauthorized access that may be obtained; as well as testing the Incident Response capabilities of the corporation. The exercises simulate real-world incidents that may affect data and resources, and will be performed concurrently to ensure the IRP is properly implemented, tested, and follows approved policies.


Security exposures and threats often go unnoticed within current security programs. Conducting IR test training and exercise activities will help eliminate that issue.


Using an outside firm to perform education and training will provide an objective and knowledgeable perspective which is unique to SecureState. During this engagement, SecureState will provide structured training as well as evaluate the effectiveness of the organization’s internal knowledge. Additionally, SecureState will provide recommendations for potential improvements for the response, handling, and implementation of the Security Program.

Members of the Readiness and Response Team have developed plans, created metrics, and developed capabilities built specifically using NIMS, NIST, CERT, FCD-1, and HSEEP standards for designated high-criticality assets and mission essential functions. SecureState’s Readiness and Response Team has planned and invoked responses to the full spectrum of threat and hazard events, including enterprise-wide malware response, proprietary information theft, inclement weather events and terrorist disruption; as well as activating EOCs, and mobilizing first response forces and support personnel.

Did You Know?

  • Common Misconception: Testing resiliency and response plans are too difficult to measure effectiveness, and will not provide a ROI for the effort involved.
  • Reality: Testing, training, and exercises continually show the shortcomings, yet necessity, of integrating resiliency services and resources, managing the facilitation processes, and maturing the impact plans and procedures within the business.
  • Frequency: Testing an organization’s resiliency and response plans, as well as the organization’s resources and communications should occur at least annually.

Our Approach and Methodology

SecureState’s Assessment provides multiple approaches to assessing the control points, architecture, personnel, and methodologies referenced within the security program; in order to determine the overall state of response and prioritization of security within the corporate architecture.

This Test Training and Exercise will specifically examine the following:

  • Structure of the existing Security Team, including defined roles and responsibilities, as well as procedures
  • Current logging, auditing, and monitoring inputs that drive the Security Program
  • Incident definition and classification
  • Escalation procedures both internally and externally
  • Previous tabletop or mock exercise documentation
  • Confidentiality, integrity, and availability of information
  • Protection of sensitive information
  • Ability to maintain processing during and following an emergency
  • Management and employee accountability for computing resources
  • Maturing the response and security program: The primary outcome of every test and exercise is to determine a current state of the organization’s Security Program. The output of this response will outline the structure of the Security Program and define best practice objectives that should be met to ensure the company clearly understands and responds to information security incidents and threats.

The specific syllabus will be a collaborative effort between SecureState and the organization; and generally includes the following elements:

  • Scripting, Regular expressions
  • Custom packet creations
  • Configuring, deploying and monitoring IDS and inline IPS
  • Creating custom signatures
  • Deploying and customizing malware detection
  • Incident response

What Makes Us Different


  • Concurrently assesses the impact and risk controls
  • Combines data forensics, hacker, and risk perspectives
  • Provides an integrated response to determine how, when, why, and where a compromise or incident occurred
  • Employ testing and evaluation team members who are actively engaged in and manage relationships with DHS, FEMA, and state and local responders, as well as law enforcement
  • Employ professionals who have served in advisory and designed roles in the creation of MOUs and resiliency plans for the USAF and USMC.


We Can Help You