Scottish Cyber Coordination Centre - organisational cyber testing and exercising regime: guidance
Outlines a cyber exercising regime to enhance preparedness and recovery from incidents across technical, operational, and strategic levels. It provides guidance for the Scottish public sector, offering a structured approach to testing and exercising, tailored to an organisation's size.
Introduction:
Setting a cyber testing and exercising regime should be regarded as important for supporting an organisations preparedness and readiness to respond to and effectively recover from cyber incidents. This should be considered at technical, operational, and strategic levels. It is difficult to define best practice in setting such a regime as this very much depends on the size of the organisation, the complexity of its IT estate, resourcing and its cyber maturity.
For the Scottish Public Sector, the SC3 seeks to describe what such an exercising regime should look like, considering the frequency of exercises and what should be tested at each level.
This guidance does not claim to be definitive best practice but should be seen in the context of offering an informed and logical structure for cyber testing and exercising for organisation who may not have one currently in place or seek to review existing regimes.
Contact
Email: SC3@gov.scot
There is a problem
Thanks for your feedback