Hosted by: Robert Duncan, CISO, Direct Line Group and Lecturer - Cyber Security, Columbia University
Cyber response is about asking questions and making key decisions about the recovery stage based on the understanding of the incident. Simulation of a cyber emergency scenario is a critical part of building cyber resilience into your organisation. This interactive exercise will challenge the participants to make decisions that will influence the outcome of the cyber incident story. At the end of the training there will be time to reflect on the outcome of each group’s decisions, providing insights into the impact of the decisions made.
Each group will have the same cyber security challenge assigned to them and a leader to guide them through the scenario response process. Once the damage has been assessed ie what is the attackers goal, what type of incident is it, how serious is the incident, has the system been compromised; you will need to agree with the group how do you isolate that breach, who has been affected and should they be informed, how can business be resumed quickly and securely, what are the priorities, who should lead on the business continuity, what are the next steps, who needs to be informed, have stakeholders, staff or the press already found out?
In terms of the recovery steps, what can you do to prevent the attack from happening again, are your monitoring tools and processes sufficient, which of your pieces of equipment or devices are the most vulnerable, are your critical data and systems backed-up, what is the “cyber kill chain” ie a sequence of stages required for an attacker to successfully infiltrate a network and exfiltrate data from it, how can your monitoring and response plan be improved?
Michael Farrell, Co-Executive Director of the Institute for Information Security and Privacy (IISP), Georgia Tech
Ahana Datta, Head of Cyber Security and IT Risk, Financial Times
Simon Legg, Group CISO, Jardine Lloyd Thompson Group
Elke Bachler, Group CISO, Hiscox
Matt Gordon-Smith, Head of Global IM Security, Anglo American
Detective Sergeant Alan Goodsell, Organised Crime Command, FALCON (Fraud and Linked Crime Online), Metropolitan Police
Ray Irving, Managing Director - Global Business Services, Financial Services - Information Sharing and Analysis Centre FS-ISAC
Amie Alekna, Senior Security Adviser and Data Protection Officer, Security and Privacy Team, Justice Digital and Technology, Ministry of Justice
Will Harvey, Head - Government Cyber Defence, Government Security Group, Cabinet Office