This article provides additional information on how you can meet the requirement for the CAF control – D1.c Testing and Exercising.
Regular Testing of the Incident Management Plan
- Organisations should routinely test their Incident Management Plan to ensure they can respond effectively to security incidents that may affect essential services.
- Exercises should draw on:
-
real-world incidents (internal and sector-wide)
-
emerging threat intelligence
-
risks identified in the Adoptech risk register
-
Types of Exercises
- A combination of exercises should be used, such as:
-
tabletop scenarios
-
technical simulations
-
disaster recovery tests
-
- Outcomes from these exercises should be documented.
Recording Lessons Learned
- After each exercise:
-
lessons learned should be recorded
-
updates should be made to:
-
the incident response plan
-
business continuity arrangements
-
related controls
-
-
- Exercises should validate the full response cycle, including:
-
detection
-
communication
-
decision-making
-
escalation
-
recovery activities
-
restoration of normal service levels
-
- Testing should be recorded in Adoptech, and associated controls and tests should be updated accordingly.
Continuous Improvement
This approach ensures preparedness is:
-
continuously monitored
-
evidenced
-
improved over time