Incident Response Test Training and Exercise
Read on to discover why, how, and how often you should test your
organization’s resiliency and response plans.
In order to test the current security program, SecureState simulates an
attacker attempting to gain remote or local access to the business networks,
and exploits weaknesses to obtain as much access to sensitive information as
possible. These assessments ascertain if an attacker focused their efforts
on the business networks, the level of exposure, and/or unauthorized access
that may be obtained; as well as testing the Incident Response capabilities
of the corporation. The exercises simulate real-world incidents that may
affect data and resources, and will be performed concurrently to ensure the
IRP is properly implemented, tested, and follows approved policies.
Security exposures and threats often go unnoticed within current security
programs. Conducting IR test training and exercise activities will help
eliminate that issue.
Using an outside firm to perform education and training will provide an
objective and knowledgeable perspective which is unique to SecureState.
During this engagement, SecureState will provide structured training as well
as evaluate the effectiveness of the organization’s internal knowledge.
Additionally, SecureState will provide recommendations for potential
improvements for the response, handling, and implementation of the Security
Members of the Readiness and Response Team have developed plans, created
metrics, and developed capabilities built specifically using NIMS, NIST,
CERT, FCD-1, and HSEEP standards for designated high-criticality assets and
mission essential functions. SecureState’s Readiness and Response Team has
planned and invoked responses to the full spectrum of threat and hazard
events, including enterprise-wide malware response, proprietary information
theft, inclement weather events and terrorist disruption; as well as
activating EOCs, and mobilizing first response forces and support personnel.
Did You Know?
- Common Misconception: Testing resiliency and response plans are
too difficult to measure effectiveness, and will not provide a ROI for the
- Reality: Testing, training, and exercises continually show the
shortcomings, yet necessity, of integrating resiliency services and
resources, managing the facilitation processes, and maturing the impact
plans and procedures within the business.
- Frequency: Testing an organization’s resiliency and response
plans, as well as the organization’s resources and communications should
occur at least annually.