Having a documented incident response plan is a must for any business (unless you’re using managed security services). However, I’ve found that few organizations are actually testing their plans. This also goes for DR and BCP plans — I don’t see any value in creating a plan if you’re not testing it regularly as new personnel come and go, change roles, etc.
I was at a recent event where they provided some great sample exercises, which I’ve included below. Take a look; these really stretch your imagination, but they are things you need to be considering. Have some fun, make a day out of it, and make sure you get the necessary folks involved. If you don’t get the appropriate level of sponsorship, you’re going to have trouble getting any plan to succeed. Do you want to be woken up at 3:30 in the morning with a potential breach and have no idea where to start?