Everyone has a plan until they are cyber punched in the face! Or something like that!
People seem to have this misconception that you need to “do a pentest” or some other project based activity to do “security testing” or response planning.
Let’s be real here, you really don’t. But what you do need is a few things:
- Some ideas for cyber incidents to plan for
To help people I’ve started to put together a really high level but simple aid to get people thinking about response planning. It fits in with my Plan 2 Fail workbook, the NCSC Exercise in a Box and well loads of other cool resources like these playbooks:
However the key thing here is my slides 😉 (no really they are just an aid, there’s loads of ways to go about this type of activity). Hopefully people find these useful.