How would your company deal with a cyber attack?
A cyber Attack War Game reviews your business continuity and incident response plans, puts them to the test with a simulated cyber attack and reports back on improvements and compliance recommendations. Being prepared for a cyber attack can make sure you survive.
What is Cyber Attack War Gaming?
A scenario-driven table-top exercise which simulates a cyber attack to test your incident response plans. It prepares you for an attack and allows you to test how key staff make and communicate vital decisions at both the tactical and strategic levels.
Scoping: We assess your current plans & understand your assets and vulnerabilities. We review current compliance with data protection and business continuity best practice.
Exercise: We plan & carry out the Cyber Attack War Game with your incident response team and crucial staff. We deliver a hot debrief after the exercise.
Reporting: We'll report back in a face to face cold debrief with findings from the exercise and suggestions for improving your plans.
Review: A full review of amended incident response / business continuity plans is conducted. Retesting can be done when required.
What is included?
What are we testing?
Team work and communication
Co-ordination with the Police and the ICO
Social media response
Handling the press
Effectiveness of plans, policies and procedures
Communication with staff, suppliers and customers
Why plan and exercise?
How is the exercise created?
We manage the entire project from start to finish. Some of our clients like input into the design of the scenario and this can be a great way to add some extra realism. However It is important that the team who will participate in the exercise don’t know anything about the scenario beforehand.
How long does it take?
This depends on the maturity of your current plans. Some clients are developing a plan for the first time whereas others have a more tried & tested plan. The table top exercise section is 4 hours long including the hot debrief. We work around you so as to cause minimal business disruption.
Who needs to be involved?