Scottish Cyber Coordination Centre - organisational cyber testing and exercising regime: guidance
Outlines a cyber exercising regime to enhance preparedness and recovery from incidents across technical, operational, and strategic levels. It provides guidance for the Scottish public sector, offering a structured approach to testing and exercising, tailored to an organisation's size.
Technical Level
Suggested Frequency: Monthly to quarterly
Focus Areas:
1. Incident Response Drills: Simulate specific cyber-attacks such as phishing, ransomware, data theft, DDoS attacks, and other common threats. Test the immediate response actions of the IT team and the Cyber Incident Response Plan & Playbooks.
2. Vulnerability Assessments: Conduct regular scans and penetration tests to identify and mitigate vulnerabilities.
3. Patch Management: Test that all systems are up to date with the latest patches and updates (or that appropriate mitigations are in place and are effective).
4. Network Monitoring: Test the effectiveness of intrusion detection and prevention systems (IDPS).
5. Backup and Recovery Testing: Ensure that data backups are functioning correctly and can be restored in case of data loss incidents.
Objectives:
- Validate the effectiveness of technical controls, security measures, and Response Plans.
- Ensure quick and appropriate response to detected threats.
- Understand roles, responsibilities, reporting and escalation.
- Identify and address potential vulnerabilities in the network and systems.
- Improve processes.
Contact
Email: SC3@gov.scot