Drill, drill more and drill again

I’ve worked with hundreds of companies over the years and one area I consistently see them struggle with is incident response drills. Sure, I see some board-level tabletop simulations, but nothing says “I’m ready” more than practising actual responses.

In tabletops people mainly assume the log files exist, they assume the resources are there, they assume the best. I’m not a pessimist, but I assume breach and assume things will go wrong (even with preparation).

So to help people I put together an Incident Response planning toolkit workbook. This Excel document is a rough guide to different types of incidents and different horror levels (there’s a cool D00M flavoured easter egg in there too). Now one thing: you will need to tailor this. BEC, for example, can be very simple to repel and remediate; however, the cost and impact of BEC can be huge (even if it’s a single mailbox), so take the numbers in here with a pinch of salt and tailor it to suit your needs.

Fail to Plan, Plan to Fail

Failing to plan for a cyber incident, large or small, is a surefire way to ensure you are planning to fail! So with this in mind we thought we’d share a quick workbook to try and kick-start your mind into NOT planning to fail!

Here you will find some of the most common scenarios we’ve seen and helped customers with when dealing with a cyber incident. Now look, I don’t mind helping people when the chips are down, but if you haven’t planned and you aren’t prepared you’re likely going to have a really, really bad day/week/month/year, and whilst we might be able to support you, you’re probably still going to have a crappy time regardless (we can’t do magic!).

Be safe, be prepared and stay cyber secure!

Until next time! (I’ve added and fixed some bits so now we are at version 1.7)

  • Mitch

    Awesome, thank you 🙂

  • Rob Stonehouse

    Saw your post on Twitter. Nice work.

  • John Rice

    Great job with this!

  • Huet

    Thanks for sharing 👍🏻

  • Incident Response – Web Logs – PwnDefend

    […] a ton of resources online, I put together an incident response planning workbook (https://www.pwndefend.com/2020/08/16/have-you-planned-to-fail/) but there’s loads of resources from NCSC, NIST, SANS […]

  • Stanley Verghese

    Hi, Thank you for sharing the extremely informative and useful Cyber Scenario Planning Toolkit. I have shared this with my IT colleagues and I will work on it myself as well. I was wondering if you could please share any relevant and useful resources/workbook on Risk register/Risk assessment/Risk treatment that will be helpful in strengthening my present document and prepare for any and all eventualities.
