Run a data breach exercise. Don’t pretend | by Vicente Aceituno Canal | October 2023


Don’t pretend to do it

photo by Kyle Head on Unsplash

There are so many segments of the cybersecurity market that are overcrowded; Providers of pentest, anti-virus, quick fixes, get certified in a box, etc. On the other hand, there are certain needs for which I have been able to find practically no service. One of them is cybersecurity training for software development teams, and the other is data breach exercises.

How to conduct a data breach exercise, since no one will do it for you? Like that:

For compliance reasons, you’re supposed to conduct data breach exercises, and I’d say they’re a great way to test for existing gaps and fix them well in advance of an actual incident.

First you need to decide who will participate. This may include a member of the management team, the data protection officer, IT administrators, public relations, human resources…

The end result of the data breach exercise is a report that must be sent to the distribution list using the same procedures marked by the Cybersecurity Incident Procedure. The report must contain:

  • Incident number
  • Chair
  • Reported by
  • Investigation requested by
  • Distribution list
  • Severity
  • Status
  • Incident type
  • Summary
  • Sequence of events
  • Root causes
  • Resolution and solutions
  • Lessons learned

Data breach exercises should be conducted annually.

Normally a meeting room.

A data breach exercise is a role play. Each person represents themselves in a fictitious situation and reacts according to their knowledge, their context, their motivations and their personality.

I normally structure the exercise like this, carefully providing information to participants:

  • At least two weeks before all DBE team members…
Leave a comment