Scottish Cyber Coordination Centre - organisational cyber testing and exercising regime: guidance
Outlines a cyber exercising regime to enhance preparedness and recovery from incidents across technical, operational, and strategic levels. It provides guidance for the Scottish public sector, offering a structured approach to testing and exercising, tailored to an organisation's size.
Operational Level
Suggested Frequency: Quarterly to biannually
Focus Areas:
1. Tabletop Exercises: Simulate larger-scale incidents that involve multiple teams (e.g., IT, legal, communications, HR). Walk through scenarios to test coordination and decision-making processes.
2. Incident Coordination: Test the incident response plan (IRP) to ensure that different teams can work together effectively. Include communication with external stakeholders (e.g., third-party vendors, law enforcement).
3. Business Continuity Planning (BCP): Conduct drills to ensure that critical business functions can continue during and after a cyber incident.
4. Crisis Communication: Test the communication plan to ensure accurate and timely information dissemination internally and externally during an incident.
Objectives:
- Understand roles, responsibilities, reporting and escalation.
- Improve interdepartmental coordination and communication during a cyber incident.
- Validate and refine the incident response and business continuity plans.
- Ensure that all staff understand their roles and responsibilities during an incident.
- Improve processes.
Contact
Email: SC3@gov.scot
There is a problem
Thanks for your feedback