Safe and reliable: Business continuity exercises of .si
TTX (Tabletop Exercise) is a crisis management exercise. Members of the organization act out a response to a certain event, incident or information security threat. This is a way to check and improve the organization’s readiness for potential security incidents.
Registry .si has set itself the goal of conducting a yearly crisis management exercise in its business continuity policy. Through this, we test our responsiveness to information security threats. At the same time, the exercise allows us to test our procedures, identify potential deficiencies, and improve our security incident response capabilities. We believe such exercises are crucial for our effective management and reduction of risks related to information security and for ensuring the business continuity of .si.
All employees participate in the exercise. The employees play the roles that we perform as part of our regular work process. This helps to contribute to a comprehensive test of the responsiveness of the Registry .si to security incidents. Even though that these types of exercises are announced and planned, there is always some nervousness and uncertainty in the team.
Imagine that the employee on duty informs us via the internal notification channel about unusual activities in the network. He/She suspects our network infrastructure is being attacked with ransomware, malicious code.
The IT team immediately checks the event more closely. The crisis team is immediately gathered and the business continuity plan is activated since it is determined that the attacker successfully broke into the network, gained access to important systems and he/she encrypted sensitive data on the servers. While tackling the incident, we also receive a notification on crypto-ransomware. The resolution of the incident is continuously monitored and managed by the crisis manager. The crisis IT team implements all necessary measures to contain and resolve the incident and searches the source of the attack. We also address compliance issues and decide whether to pay the ransom. Members in charge of public relations are also actively involved in the process. They prepare messages for employees, stakeholders and the media. Messages and statements contain all the necessary information about the incident and the measures taken.
Such simulations allow us to identify deficiencies in existing procedures, technologies, employee knowledge and the opportunity to verify the effectiveness of security incident response plans, which primarily include rapid identification and response to threats and the participation of all relevant employees. Through such an exercise, we also check if the communication channels are effective, which can be crucial when it comes to real security incidents. After the exercise, employees evaluate what was done well and where we can still improve – we identify shortcomings and develop a plan to improve response strategies for incident handling.
At the Registry .si, we believe that the key to reducing the risks and identifying potential threats is raising employee’s awareness of information security. We learn how to safely handle sensitive information and how to prevent unwanted situations such as data loss or unauthorized access. Last but not least, such exercises encourage us to actively participate. This strengthens the overall safety culture and improves mutual trust and relationships.
