Everyone has a plan until they are cyber punched in the face! Or something like that!

People seem to have this misconception that you need to “do a pentest” or some other project based activity to do “security testing” or response planning.

Let’s be real here, you really don’t. But what you do need is a few things:

Authorisation
Time
Some ideas for cyber incidents to plan for

To help people I’ve started to put together a really high level but simple aid to get people thinking about response planning. It fits in with my Plan 2 Fail workbook, the NCSC Exercise in a Box and well loads of other cool resources like these playbooks:

IRM/EN at main · certsocietegenerale/IRM (github.com)

https://www.gov.scot/publications/cyber-resilience-incident-management/

However the key thing here is my slides 😉 (no really they are just an aid, there’s loads of ways to go about this type of activity). Hopefully people find these useful.

Cyber-Incident-Scenarios Download

Cyber Essentials for Ubuntu Servers

LastPass Breach – The danger of metadata

blue team defenders DFIR guides Incident Response ir kill chains planning red team response