A Journey in Organizational Resilience: Training and Testing

We are far from a breach-free world. After all, even cybercriminals have shown their own form of resilience. For example, after a short hiatus, the ransomware group REvil came back in September 2021. Until the day we can leave our ‘cyber front door’ unlocked, any organizational resilience framework you employ needs to include a healthy dose of training and testing.

Training and testing may get the “nice, but don’t have time” treatment, or worse, the “this is fluff” eye roll, but both are vital to your resilience. If you are wondering how to prioritize these tasks, the Dwight D. Eisenhower decision-making matrix, also known as the Urgent/Important Matrix, is a useful tool.

In the matrix, training and testing fall into the ‘Important, Not Urgent’ (or top right) quadrant. When tasks fall into that quadrant, your job is to start scheduling. Sticking to a regular training and testing schedule is key to success.

Do Champions Win Without Training?

Regardless of which cybersecurity framework you end up using, a serious one includes training and testing. Training and testing build muscle memory, locate gaps and help people learn. To reference President Eisenhower again, as a general, he said: “In preparing for battle, I have always found that plans are useless, but planning is indispensable.”

Training is part of your incident response battle readiness. Be honest: have you ever seen any pro athlete win a championship without serious training? Does a trial lawyer walk into a courtroom without preparing and wing it? Has a successful entrepreneu ..

