T8.2.5 - INCIDENT RESPONSE TESTING Implementation Guidance
The entity shall test its incident response capability.
Back to T8.2.4 - P4 - INCIDENT RESPONSE TRAINING
The entity should develop testing procedures to determine the overall effectiveness of its incident response capabilities and to identify potential weaknesses or deficiencies. Incident response testing must simulate pre-defined breach scenarios across the incident response lifecycle from including detection, reporting, and recovery to normal operations. Incident response testing includes, for example, the use of checklists, tabletop (discussion-based) exercises, and functional (performance of duties in a simulated environment) exercises. Entities should participate in sector, national, and international exercises to further test incident response capabilities.
