Cyber incident response exercises: Gold teaming on top of silver and bronze

Thursday 28 November, 11:05 am - 11:45 am

Speakers

Murray Goldschmidt

Executive Director
CyberCX Pty Ltd

Synopsis

The cyber threat landscape has never been more contested or unstable. Recent high-profile incidents have highlighted the severe risks of successful attacks. They have focused the attention of senior executives and boards, who realise the urgent need to avoid similar incidents, and raised the concerns of citizens, when their sensitive data is stolen and exposed. Cyber crises are different from the sorts of crises that business and government are traditionally prepared to respond to (such as environmental, public safety etc.). The intersection of government regulation, big-stick penalties, disclosure obligations to stock exchanges and clients, and the increased scrutiny and obligations of Critical Infrastructure make cyber incidents particularly difficult to navigate.

Gold Teaming is an advanced format for cyber incident response simulations. While the definition of simulation is still developing, it is generally expected that a gold team exercise represents the decision-making capabilities of business and govt to respond to an emerging crisis. This exercises the strategic lens around response, which sits on top of silver (operational) and bronze (tactical) activities. While some retain the “tabletop discussion based” format for gold teaming, I will represent a more modern approach that stimulates the range of skills needed to respond to current and emerging threats. The aspirational goal for gold teaming should extend beyond a 2-3 hour orchestrated discussion. Cyber incidents don’t start at 9am and finish at 12 noon when lunch is served!

I will describe the difference between exercising and simulating. Too often orgs get tied up in intricate details, whereas all you need is a scenario to act as a vehicle to enable participation. Immersing executives in more realistic and engaging ways is the key to developing skills. I will present a methodology that supports cumulative and iterative simulations, extending traditional tabletop exercises to active testing.

Case studies will be presented for “Gold Teaming Light” through to more realistic simulations that occur on the back of something actually being triggered in your environment. One of the "big issues" around incident response is communicating to all stakeholders (Govt, regulators, customers, affected people, staff). I will cover: Brand/reputational impacts; Managing revenue streams and solvency; Continuous Disclosure; Communications to customers and media; and Protocols for engaging a threat actor.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
