Rehearse your IR plans at least quarterlyJust before Benjamin Poernomo left IBM, he was in charge of the X-Force Cyber Tactical Operations Centre. This is a mobile unit that IBM created to help customers rehearse and test their disaster recovery plans. The mobile unit also doubles up as an on-site response unit that IBM can deploy when customer are dealing with a major cyber attack.

One of the reasons that IBM created the CTOC was, as Poernomo pointed out, to help customers who cannot travel to the IBM Cyber Range in Boston. One reason that European companies don’t go to Boston is the number of staff you need to properly rehearse an incident.

Benjamin Poernomo
Benjamin Poernomo

Poermono says: “The real mature parties have a plan and they know that they have to rehearse that plan.” But it isn’t as simple as that. Rehearsal is not a one off and it must include everyone who has to be involved. You need to think about who is part of your cyber incident plan. IT staff, C-Suite including the CEO, CTO, CFO, CCO, key personnel from HR and potentially some of your outside partners.

This complexity of testing a full incident response plan is why people don’t do this. As part of the CTOC visit, everyone is treated to a session inside the CTOC which quickly moves from an example to a live exercise. It tests the ability of people to respond, to think on their feet and to handle complex and multiple streams of information.

To hear more of what Poernomo had to say listen to the podcast.

Where can I get it?

obtain it, for Android devices from

use the Enterprise Times page on Stitcher

use the Enterprise Times page on Podchaser

listen to the Enterprise Times channel on Soundcloud

listen to the podcast (below) or download the podcast to your local device and then listen there


Please enter your comment!
Please enter your name here