Many segments of the cybersecurity market are overcrowded: providers of pentests, anti-virus, quick fixes, get-certified-in-a-box offerings, and so on. On the other hand, there are certain needs for which I have been able to find practically no service at all. One of them is cybersecurity training for software development teams; the other is data breach exercises.
How do you conduct a data breach exercise when no one will do it for you? Like this:
For compliance reasons you are supposed to conduct data breach exercises anyway, and I would say they are a great way to find existing gaps and fix them well in advance of an actual incident.
First, decide who will participate. This may include a member of the management team, the data protection officer, IT administrators, public relations, human resources…
The end result of the data breach exercise is a report that must be sent to the distribution list following the same procedure defined in the Cybersecurity Incident Procedure. The report must contain:
- Incident number
- Chair
- Reported by
- Investigation requested by
- Distribution list
- Severity
- Status
- Incident type
- Summary
- Sequence of events
- Root causes
- Resolution and solutions
- Lessons learned
Data breach exercises should be conducted annually.
The exercise normally takes place in a meeting room.
A data breach exercise is a role play. Each participant plays themselves in a fictitious scenario and reacts according to their own knowledge, context, motivations and personality.
I normally structure the exercise like this, releasing information to the participants in carefully controlled stages:
- At least two weeks before all DBE team members…