Types of Incident Simulation
There are many "impact targets" that can be used as a basis for Incident simulation, we have listed some of the more common areas of impact below
Loss of data through malware infection forces the organisation to address the issues raised by wide scale denial of access to data often caused by ransomware. In this type of incident simulation the organisation is confronted with the loss of specific datasets contained on shared drives and binaries (databases) in a test environment where these information resources have been deliberately corrupted. Both IT and business areas are then required to work through their cyber incident response and recovery plans
Loss of Staff Availability
This type of incident simulation creates an impact of staff unavailability caused by contagious disease outbreak or widespread transport difficulties. The test establishes an impact threshold (say 35% of staff) and then identifies specific members of staff across the organisation who are designated as unavailable. Impacted areas are then required to use their business continuity plans to maintain continuity of critical processes
Incident simulations based on supply chain failure focus on the loss of critical suppliers, forcing participants to consider how the organisation would recover from the loss of several critical suppliers due to a natural disaster in a specific geographic location, for instance
To gauge whether or not end users are sufficiently proficient in recognising phishing threats and take appropriate reporting actions, a simulated phishing attack can be performed. This can be achieved by sending all users a fake email that demonstrates one or more attributes of a phishing email and capturing the user action to determine which users were susceptible to the "phishing" email and which users adopted the correct reporting procedure.