The organization should create and maintain a five-year planning cycle for conducting cyber security exercises. The plan ensures that incident response and continuity capabilities are regularly tested. It should be updated at least annually or following significant changes.
The plan should specify the schedule, types of exercises (e.g., tabletop, functional), scope, objectives, and participants for each exercise to ensure comprehensive testing over the five-year period. The exercises should cover at least the following key themes:
- Crisis management & coordination:
  - Testing the company's crisis management team.
  - Practicing procedures for coordinated preparedness.
  - Involving suppliers (especially those for critical IT systems) in incident handling.
- Operational & supply chain resilience:
  - Ensuring the continuation of operations.
  - Restoring supplies after a disruption.
  - Mobilizing extra resources and materials.
- Communication:
  - Managing internal and external communication.
  - Providing information to consumers.
  - Using alternative communication methods if primary channels fail.
- IT & cyber security:
  - Handling cyber threats and vulnerabilities.
  - Activating IT security services.
  - Practicing emergency procedures for isolating critical IT systems and switching to redundant systems.
  - Restoring systems from backups, including source code and data for custom software.
- Inter-organizational actions:
  - Acknowledging and confirming notifications about changes in the sector's emergency preparedness level.
  - Implementing emergency measures based on the preparedness level.
- Recovery:
  - Practicing the normalization process after emergency operations have concluded.
The organization should also prepare a formal exercise evaluation report for each of these exercises. This report must describe the exercise elements that were trained, the course of the exercise, lessons learned, relevant learning points, and planned follow-up actions with a timetable and internal allocation of responsibility.