Everyone has a plan until they are cyber punched in the face! Or something like that!

People seem to have this misconception that you need to “do a pentest” or some other project based activity to do “security testing” or response planning.

Let’s be real here, you really don’t. But what you do need is a few things:

1. Authorisation
2. Time
3. Some ideas for cyber incidents to plan for

To help people I’ve started to put together a really high level but simple aid to get people thinking about response planning. It fits in with my Plan 2 Fail workbook, the NCSC Exercise in a Box and well loads of other cool resources like these playbooks:

IRM/EN at main · certsocietegenerale/IRM (github.com)

https://www.gov.scot/publications/cyber-resilience-incident-management/

However the key thing here is my slides (no really they are just an aid, there’s loads of ways to go about this type of activity). Hopefully people find these useful.