Project 4 Enterprise Cybersecurity Program Step 18 Record the Presentation

1

7

Urie L. Reed

Simulation Program Design

Dr. Roger Ward

CMP 640 Cyber Security Program Development

University of Maryland Global Campus

Simulation Program Design

Regulatory and compliance requirements for financial institutions such as the company’s demand in which they have a robust capability to respond to cyber threats, one that is tested regularly through a series of sequential simulations that build upon one another, educate our team, and ultimately increase the capacity of our organization to respond to the threats it will face daily. As a result of this thorough simulation/exercise program, we will have a significant edge in responding to and mitigating the effects of cyberattacks. The most effective approach to ensure that our cyber-team is prepared to identify, protect, detect, respond to, and recover from cyber-attacks is to ensure that our organization is ready to do so by adopting a simulation program that includes a series of yearly exercises, as described above. Our organization will benefit from this because it will ensure that everyone understands their roles and duties and the processes and processes involved in combating a real-world cyber threat (Garrido, 2009). Our organization will also benefit from the opportunity to learn from its failures, foster teamwork within the business, and ultimately strengthen our posture in a simulated learning environment, rather than trying to learn during a real-world attack, as was the case previously. The following advantages will accrue to our organization as a result of simulated exercises:

• Exercises expose participants to cyber-threat actors and the rationale behind their actions.

• Exercises force the business to respond to incidents in real-time.

• Exercises raise awareness of the impact a cyber-incident has on our customers and the organization.

In addition, exercises provide an opportunity to practice communications strategies both inside and outside the organization.

• Exercises provide exposure to the technical characteristics of a cyber-attack.

• Exercises provide a venue for decision-making under pressure and often without complete information – just as in the real world.

• Exercises allow our organization to engage with the third parties we work with that were the cause of, or were impacted by, a cyber-attack.

Our organization is required to carry out various forms of training activities. We must perform a series of exercises that put our teams through their paces as a standalone entity, and then we must put each unit through its paces as a part of the cyber team that protects our organization as a whole. We must make sure that we run before we walk and learn as we do so. The executive branch of the company, which is responsible for making final decisions, the teams that coordinate the reaction to a cyber-attack, and the actual teams that respond to a cyber-incident or attack separately and subsequently as a cohesive team are all candidates for training. The three sorts of exercises are described in further detail in the following sections.

References

Garrido, J. M. (2009). Design and program structures. Object-Oriented Simulation, 81-92. doi:10.1007/978-1-4419-0516-1_8