Trial Before the Fire: How to Test Your Incident Response Plan to Ensure Consistency and Repeatability>
CPO Magazine – Nimmy Reichenberg
Fifty-nine percent of incident response (IR) professionals admit that their organizations follow a reactive approach, according to a report from Carbon Black. Essentially, teams assume their processes work reasonably well to address the incident at hand ⦠until they donât. While organizations must have IR plans in place, itâs even more important that they a) work consistently and b) are updated and improved over time. Once you have a clear, documented plan in place, you should periodically test it through simulations to assess effectiveness and make continuous improvements. So, how can you put your processes to the test. Most security operations teams today use three methods: 1)    Paper tests 2)    Tabletop exercises 3)    Simulated attacks Simulated attacks are often still done tabletop style, but an increasing number of security orchestration tools â via playbooks for common use cases â help teams automate the response to attacks, As an added benefit, playbooks will help you identify opportunities to apply automation to your IR processes to expedite remediation and free up your analysts to focus on higher-value tasks.
Link: https://www.cpomagazine.com/cyber-security/trial-before-the-fire-how-to-test-your-incident-response-plan-to-ensure-consistency-and-repeatability/