manufacturingtechnologyinsights
MANUFACTURING TECHNOLOGY INSIGHTS, DECEMBER 2024, page 9

As each question builds on the previous one, you build a scenario that is effective for you as the incident commander and for the incident response team. The questions can also be made as close to real as possible by adding in various systems within your environment, such as infections of the VMware environment or network disruptions due to failed Cisco firewalls.

Scenario-based questioning can also be accompanied by run books or playbooks. These documents are decision-based diagrams that depict how one should respond to an incident. An example could be a run book for a user receiving a malicious email, or for responding to a virus infection. As you create the run books, ensure that your incident response team has reviewed and understood the workflow. Without these documents, your incident response team could handle an incident in many different ways, which can introduce wasted time and effort. Remember, when an incident occurs, time is against you.

After every incident, an after-action review should occur to review and improve upon the response; tabletop exercises are no different. As an incident commander, your job is to orchestrate the response and ensure that the incident is contained. Things can and will go wrong, even at the hands of well-intended team members. The purpose of the after-action review is to discuss what went right and, ultimately, what needs to be improved. This will improve your overall response and performance in reacting to the incident itself.

Organizations should look at performing some type of incident response training at least quarterly. While this will not provide you with the 10,000 hours of training needed to become a master at this, it will help keep incident response at the forefront. The key is to build repeatable processes so your employees know what to do when an incident does occur.