CyberSecurityTips #9: How should we be testing the defenses of our company?


Testing is usually done using several methods, and you can choose one, two or all of them. Besides operational control testing, which confirms that a control is up and working, you have several choices, such as:

– Tabletop exercises - paper-driven, planned and executed quickly, limited resources needed.

– Live attacks - real scenarios where paper injects are only done for simulation; 9-16 months for planning and execution; a large number of participants, budgeting, supplies, 3rd-party involvement and others.

– Hybrid - paper-driven and live attacks, planned and executed in 6-12 months, more people needed, real timing and coordination.

– Cyber range - controlled and isolated environment with a replica of real environments.

Each one has its pros and cons, and the choice really depends on the logistical capability of your organization. We recommend that organizations that are ready to go beyond operational testing start with tabletop exercises for management and cyber ranges for technical folks; these are easier to set up and conduct, and are also cheaper.