(05/12/23) Blog 339 – NCSC launches Cyber Incident Exercising scheme

365 days of blogs December Mark 05/12/2023 0 Comments

(05/12/23) Blog 339 – NCSC launches Cyber Incident Exercising scheme

The UK’s National Cyber Security Centre (NCSC) has released a new product today, aimed at helping organisations test the robustness of their Incident Response programs.

The Cyber Incident Exercising scheme (CIE) provides a controlled, scenario-based opportunity for organisations to practice, evaluate and improve their cyber incident response plans (CIRPs). CIE doesn’t test an organisations cyber defences but helps them explore and evaluate response plans, should a cyber incident occur. This can help organisations understand what risks it is holding from a cyber perspective and how they can be managed.

Although designed and produced by the NCSC, the Cyber Incident Exercising scheme is administered by two official partners IASME, and CREST who will be responsible for onboarding testing organisations to the scheme, and to manage the assessment process of organisations.

Currently the scheme has seven organisations assured to deliver the exercises to companies

NCSC assured providers of Cyber Incident Exercising

The scheme assures the above companies to deliver two types of cyber exercises for organisations:

Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (in line with their organisation’s incident response plan) for a pre-agreed scenario.
Live-Play – sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

This new venture forms part of the NCSC plans to help ready business to better defend against cyber attacks.

The new scheme, in conjunction with the 10 steps to cyber security, cyber essentials, and exercise in a box, gives companies a wealth of information and planning tools to help massively improve their cyber security posture and be a part of making the UK the safest place to live and work online.