Following Harvard Business Review’s recent article by Angela Wilkinson and Roland Kupers, “Living in the Futures,” several bloggers have jumped in to comment on scenarios. Here is the take by Branden R. Williams, with an information security twist. This post demonstrates how much of what we take for granted actually resides in the realm of uncertainty.
We need to do the same thing in information security. My formula for scenario planning centers on some kind of security incident (duh). It should be run at least quarterly, and the scenarios should vary such that you can rotate executives in and out of the planning (maybe the COO is in two of the four yearly tabletop exercises) and practice dealing with different kinds of problems. Practicing the same problem over and over will make you good at that, but Murphy will make sure that something else happens instead.
Read the entire post here: In Favor of Scenario Planning