Tuesday, November 15, 2016

Incident Management Planning with a Tabletop Exercise

Within an operational IT ecosystem, issues occur continuously.  Mostly, incidents relate to application defects, resource consumption or the outage of a core infrastructure component such as a server, hypervisor, storage subsystem or network.

There are a whole series of other failures or issues that can occur because of an operational error, a configuration issue, or any number of malicious attacks.

In the course of managing an IT ecosystem, regulated firms need to determine which of the many events that occur are to be recorded, classified and handled as incidents.

Typically, a regulated company will work closely with its cloud service provider to understand incident management roles and responsibilities in detail.  Before the deployment of production workload, the stakeholders conduct a Table Top Exercise, a subset of techniques derived from planning military operations.

The table top exercise is a meeting to discuss simulated emergency situations. Stakeholders review and consider the necessary actions taken in multiple emergency scenarios, testing their incident response plan in an informal, low-stress environment. Central to the exercise is creating an understanding of the information needed to handle an incident, the sources of information, the decision-making roles & responsibilities and the sequence of hand-offs.

Specifically, a table top exercise goes beyond simply understanding an incident.  While not all scenarios will cause business impact or an outage of service availability, the role of a table top will include how the company makes provisions to ensure continuity of business.  Equally, a table top may determine recommendations for how to ensure an incident does not recur, or specify how to preserve information (logs, timelines, decisions taken) for subsequent external inspection and audit.

Ahead of time, stakeholders will agree on a set of potential incident scenarios varying in severity.  Each will be simulated to test the possible response with the essential steps captured and documented.
Finally, a Table Top exercise might be useful as part of contractual discussions between a client and cloud service provider in the creation of a Cloud Services Agreement.  The table top output might be a RACI that unambiguously specifies roles and responsibilities.
Reference Examples:

The FDIC has good planning materials for evaluating cyber incidents.
https://www.fdic.gov/regulations/resources/director/technical/cyber/cyber.html

https://www.youtube.com/results?search_query=table+top+incident+managment contains multiple video examples of table top exercises that focus on public emergency situations or business continuity situations.
