Skip to main content

Crisis Readiness Program

Updated over 5 months ago

Service Overview

The Crisis Readiness Program helps organizations prepare to respond effectively to cyber crisis scenarios. It enhances executive preparedness, clarifies key responsibilities, and enables structured decision-making during cyber incidents through tailored playbooks and simulation-based training.

Methodology

The service begins with identifying risks that should be managed as crises by the global or site-level crisis management teams. Key stakeholders are interviewed to assess and prioritize these risks.

Following the risk identification, comprehensive playbooks will be developed. Each playbook outlines key phases and roles using a RACI (Responsible, Accountable, Consulted, Informed) structure, and is developed through collaborative individual and group sessions with relevant personnel.

Upon finalizing the playbooks, the service transitions to annual training and awareness initiatives. These include on-site workshops for key stakeholders, presenting cyber threat trends and intelligence, crisis management best practices, and tabletop exercises simulating realistic crisis scenarios.

Deliverables

  • A comprehensive crisis management plan defining stakeholder roles and crisis-handling procedures

  • An extensive report summarizing the organization's preparedness in handling crisis scenarios

  • A prioritized set of recommendations to improve crisis management readiness

  • Annual training sessions, including at least one on-site executive workshop

Prerequisites

  • Active engagement from senior management throughout the process

  • Disclosure of existing crisis management teams, policies, technology and procedures

  • Disclosure of relevant technical data concerning the organization's infrastructure and systems

Customer Engagement

The client is expected to provide technical and procedural data, actively participate in workshops and interviews, and review and implement the resulting recommendations.

Relevant Standards

  • NIST SP 800-53 – Risk Management Framework

  • NIST SP 800-61 – Incident Response Framework

Security Domains Covered

  • Cross-organization policies, procedures, and governance

  • Security operations, monitoring, and incident response

Related Articles
Executive Crisis Management Tabletop Exercise
NIST Cybersecurity Framework 2.0 Overview
OT Environment Maturity Assessment
SOC Maturity Assessment
Incident Response Readiness Evaluation
Did this answer your question?