Speakers
Synopsis
There has been a marked increase in business and government undertaking Cyber Incident Response Exercises – for a range of stakeholders from boards to executive management and also technical and operational teams. In this session I will share my experience in stakeholder management for running an Enterprise Incident Response Exercise.
As an industry subject matter expert in the intersection of education and incident response, I will describe what makes for a compelling and engaging exercise at all the layers in your organisation and also how to avoid the pitfalls where I have observed organisations struggle and achieve less than desired outcomes.
The needs and expectations for those concerned with governance, critical and complex decision-making and technical visibility are very different. However, many businesses are unable to distinguish the needs and therefore struggle to undertake exercises that stimulate the areas needed and do not stretch their participants to learn how to improve their response when under duress.
CISOs are commonly appointed to either undertake the exercise or appoint an external party to deliver it, with the requirement more and more frequently coming down from the board.
CISOs then have to deal with the expectations of the CTO, Risk Officer, CEO, Company Secretary and the like, each with their own requirements. Understanding what constitutes the making of a successful exercise is important – because if you try to please all the stakeholders in the same exercise you will likely end up with none of the objectives being met. An exercise scripted to within an inch of its life is also predictable and uninspiring, and will likely lead to apathy rather than participation.
I will highlight the difference between “simulations” and “exercises” and how to understand what exactly you are trying to achieve and then how to articulate that both externally to acquire such services, and internally to align your stakeholder expectations.
Facilitating these exercises also requires a substantial amount of planning, but they should not be scripted, so that they remain dynamic.
An effective facilitator should be able to “work the room”, handle objections and even hecklers and interlace education while narrating an unfolding incident. I will share some stories around facilitation (good and bad) and how to develop the skills needed to be successful in this domain.