Un acteur stratégique du secteur des télécommunications a souhaité définir un programme d’anticipation opérationnelle de ses différentes instances de gestion de crise face à une crise d’origine cyber.
Context
As part of its overall programme to strengthen its cyber resilience, a strategic player in the telecommunications sector wanted to define an operational anticipation programme for its various crisis management bodies in the face of a cyber crisis.
The support program, between theoretical training and practical training, aimed to raise awareness of the diversity of professions involved in cyber crisis management of the specificities of this type of crisis for a strategic player and the necessary coordination, especially for a multi-entity group.
Objectifs
- Train the legal department in cyber crisis management;
- Train the first lines of defense (technical) and put the entire decision-making chain under pressure (until the mobilization of the Executive Committee) via a 3-day training;
- Test the coordination and feedback of information between the decision-making and operational IT unit;
- Test the internal and external crisis communication strategy implemented by the crisis cell;
- Illustrate the complexity of decision-making in the face of a cyber crisis that severely disrupts the continuity of operations.
Mission Description
The implementation of the Operational Readiness Program was carried out in different stages:
- Training of the legal department in a crisis of cyber origin and the role of lawyers within a cyber crisis unit.
- Preparation and management of the exercise carried out over 3 days and included in the client’s annual training plan: the scenario combined both exfiltration of sensitive data and wiping. The combination of a virtual infrastructure (CyberRange) and our PIA® training platform made it possible to train the entire management chain in a realistic environment. The entire scenario was designed with the help of an internal accomplice in the organization over several months.
- The entire support ended with a cold RETEX of the exercise. Operational recommendations have been formalized to enable the organization to sustainably increase its cyber resilience and monitor the implementation of the various recommendations over time.
Challenges and specificities
Accustomed to managing crises of other kinds through its strategic activity, the organization had a major area of improvement on the coordination between the different crisis teams in order to reduce its response time.
In addition, it had a certain level of maturity in crisis management but a strong need to anchor certain reflexes by considering the specificities of crises of cyber origin (duration of the crisis, initial shock, etc.).
Alcyconia’s added value expertise
Alcyconie’s expertise in cyber crisis management, beyond the traditional technical aspects of this type of crisis, has made it possible to involve the entire management chain in this support sequenced over several months.
In addition, the combination of technical expertise (CyberRange) and the PIA® training platform made it possible to develop 100% tailor-made solutions, as close as possible to the reality of the organization and to illustrate the potential impact of a cyber crisis for a strategic organization.
As a PACS player, the entire Alcyconie service has also been approached from a compliance perspective, in order to guarantee the customer to strengthen its cyber resilience in line with regulatory changes.
études de cas
Ils nous ont fait confiance
Read article
BCP/DRP training exercise and audit
Investment FundsRead article
Maturity audit, cyber crisis management
Agri-foodRead article
