Test Your Cyber Incident Response Plan

Exercise Goal	Key Participants	Length	Incident Severity
Annual test of a district’s CSIRP	Named individuals on district cyber incident response plan	2-3 hours	Medium → High

Resource Downloads

PDF Presentation | Google Slides | Facilitator’s Guide

Purpose

The objective of this exercise is to evaluate the Cyber Incident Response Team’s (CIRT) ability to utilize the district’s existing Cybersecurity Incident Response Plan (CSIRP) to manage a simulated incident.

Compliance Note: This exercise is designed to fulfill the requirement for an annual CSIRP test. Please refer to your local, state, or insurance compliance standards for specific documentation requirements.

Participant Profile

Primary: Individuals explicitly named in the district CSIRP and/or their designated alternates.

Prerequisites

A District-approved or draft CSIRP.
Participants must be familiar with the plan and their designated roles prior to the start of the exercise.

Prioritized Outcomes

Plan Validation & Optimization: Identify gaps in current planning and technical documentation to refine and validate incident response plans and playbooks.
Operational Readiness: Train personnel on plan execution and rehearse response procedures to build the “muscle memory” needed for a swift, instinctive reaction.
Role & Skill Alignment: Clarify specific roles and responsibilities while identifying gaps in team coordination, knowledge or technical skills.
Strategic Coordination & Awareness: Enhance communication across different departments and deepen the collective understanding of threat types, business impacts, and prevention.

Facilitator Notes

Stick to the Plan: This is a “By the Book” exercise. Facilitators and participants should prioritize actions explicitly documented in the CSIRP.

Documenting Deficiencies: If the team identifies a necessary action that is missing from the plan, record it as a Plan Deficiency for post-exercise remediation rather than improvising a permanent fix during the session. While specific technical steps may be housed in separate “runbooks,” the primary goal here is to ensure the overarching plan is complete and the team is proficient in its use.