Questions to think about during a tabletop session include:
- How long does the organization keep backups?
- How long does it take to restore from backups, and has that process really been tested?
The roundtable also invites discussion about how the organization is preparing to respond to the discovery of unauthorized administrative activity, who will be notified, and how.
Helping security teams think through everything that needs to be done
The point of this exercise is to force security teams to consider what resources are needed to respond to an incident and what procedures can be used to reduce the impact of malicious activity by insiders.
There may also be a need to contact law enforcement and adequately document the incident so that you can legally pursue the attacker and hold them accountable for their actions.
Situations like this can and often do play out when former employees are frustrated with their former employer and want to use the inside information they know to try to jeopardize or negatively impact the organization technically, financially and reputationally.
Organizations need to have comprehensive plans and procedures in place to stop malicious activity, mitigate the impact, respond and recover from an incident and legally pursue insiders to hold them accountable for their actions.