Crest and IASME have announced a new partnership with the National Cyber Security Centre (NCSC) to assist in the implementation of the Cyber Incident Exercising (CIE) scheme. The scheme has been developed by the NCSC in order to help businesses find reputable providers who can offer advice and support for practicing their cyber incident response plans.
The importance of exercising and practicing a cyber incident response plan cannot be underestimated. While perfection may not be attainable, the act of rehearsing one’s response can greatly increase an organization’s resilience. By regularly practicing their incident response plans, companies are better equipped to handle cyber attacks and can quickly return to normal operations.
Organizations that wish to participate in the CIE scheme will be evaluated against the NCSC CIE Standard. CREST and IASME have been chosen to manage the assessment, onboarding, monitoring, and offboarding of providers who are assured under the scheme on behalf of the NCSC. These organizations were selected due to their high standards and because they provide different options for potential providers to join the scheme.
Dr. Emma Philpott MBE, CEO of IASME, expressed enthusiasm for the partnership, stating, “We are excited to collaborate with companies of all sizes and from all areas of the UK to deliver this important scheme. We are committed to ensuring that the scheme is accessible for smaller cyber security companies to become assured providers, and we encourage interested parties to contact us for further discussion.”
Rowland Johnson, President at CREST, emphasized the significance of effective cyber incident response in today’s landscape of increasing cyber attacks. He stated, “With the rise in cyber attacks impacting organizations of all types, having an effective cyber incident response plan is crucial for building cyber resilience. This scheme will provide organizations with access to Assured Service Providers who can support them in testing their incident response capabilities.”
The Cyber Incident Exercising scheme offers assurance to companies that provide two types of cyber exercises to help organizations test their existing cyber incident response plans. The first type is the Table-Top exercise, which involves discussions where participants explore their roles, responsibilities, activities, and key decision points based on a pre-agreed scenario. The second type is the Live-Play exercise, which involves participants executing their roles and responsibilities in response to events in a simulated real-world cyber scenario. These exercises are tailored to the specific organization and provide a realistic simulation of a cyber event. The Live-Play exercises are particularly useful for mature organizations seeking comprehensive validation of their plans.
It is important to note that the scope of the CIE standard covers incidents that have a significant impact on a single client organization. It does not cover incidents that span multiple organizations or Category 1 and Category 2 incidents, as defined by the UK’s Cyber Attack categorization system.
The official launch of the CIE scheme is scheduled for later this year, following the assurance and onboarding of exercising providers who will be ready to offer their services.
For more information from the NCSC about the CIE scheme and its standard, please visit their website. Additionally, to learn more about the scheme and how to apply, visit the websites of IASME and CREST.
The first Assured Service Providers for the scheme will be announced soon and will be listed on the websites of the relevant Delivery Partner and the NCSC once they are available.