Run a Data Breach Exercise
Don’t just pretend you do
So many slices of the cybersecurity market are overcrowded: pentest providers, antivirus, magic bullets, get-certified-in-a-box, you name it. There are, on the other hand, some needs for which I have been able to find hardly any services. One of them is cybersecurity training for software development teams, and the other is Data Breach Exercises.
Since no one is going to do it for you, how do you run a Data Breach Exercise? Like this:
Why
For compliance reasons you are supposed to run data breach exercises, and I would say they represent a great way to test what gaps there are and fix them well ahead of a real incident.
Who
First you need to decide who will participate. This can include a member of the Exec team, the Data Protection Officer, IT administrators, Public Relations, Human Resources…
What
The final deliverable of the Data Breach Exercise is a report that should be sent to the Distribution List using the same procedures set out in the Cybersecurity Incident Procedure. The report must contain:
- Incident Number
- Chair
- Reported by
- Investigation Requested by