“These days a CSO probably won't get fired for being breached. But screw up the response - especially if it comes out that you haven't been routinely practicing - then you are in trouble,” explained Ted Julian of Co3 Systems.

The industry is working to shift from a bias for breach prevention to the mindset of “assume breach.” That shift means planning, measuring, and evaluating investments across prevention, detection, and response.

The sobering reality is that the wrong response is potentially career ending. Since the response is the real risk to a CISO's tenure today, how are you preparing to respond to an incident?

Ultimately, getting incident response right comes down to a few key elements.

Assess your current incident response maturity

To figure out where you stand, start with a simple question: “When was the last time the response itself required active involvement from outside of IT?”

Then follow up with a few more questions:

If you needed to involve someone outside of IT today, who would you go to?
Are they prepared for your call?
Do you have an established working relationship?

When I spoke with Ted Julian of Co3 Systems about the role of proper response, he suggested that the common members of an expanded team include, but are not limited to: executives, communications (PR and marketing), counsel, external partners, and HR.

Each member of the team plays an important role. That means building a relationship and creating a common understanding of terms and procedures. This includes external partners for crisis communication, response/forensics, and even law enforcement.

A crisis is not the best time for a first introduction. It happens, but actively working to avoid it is often the difference between success and failure.
One way to build the relationships, awareness, and skills to respond skillfully is through simulated experiences.

Build the team through simulated experience

When I guide teams through scenarios and simulations, most people claim they have read the procedures and are ready. Then we kick off the exercise and “things get real.” Simulations bring response to life.

The key lies in crafting an experience that is focused and valuable. Co3 Systems provides a platform for response that actively shapes the training experience. Ted shared that clients using the system move from an annual exercise conducted with the best of intentions to a quarterly simulation with full participation.

As Ted explained, “Simulations make it easy to demonstrate the costs associated with security in terms that business people can understand. People can't do their day jobs. Regulatory fines and professional services fees can add up quick. For this reason, simulated incidents are probably the single most effective thing a security executive can do to raise their profile, foster trust, and earn respect. From there, expanded budgets and additional resources will flow.”

What caught my attention is the ability of a platform to bring people together, guide the training, and then serve as the same interface during an actual incident. With regular practice, that creates comfort in the system.

It also leads to the ability to pull others in on more routine incidents. That gives them more experience and insight into your work. It also affords you insight into what they value, why, and therefore what you need to protect. Done right, it guides smarter investment in prevention, detection, and response.

Accept that you're going to pay either way; make the better choice

In the wake of high-profile breaches come the discussions about the costs. Headline-grabbing numbers capture attention outside of security.
However, even the breaches that don't make the news carry rising costs. The 2014 Cost of Data Breach Study: Global Analysis reported that the average cost to a company was $3.5 million (US dollars), a 15 percent increase over the previous year.

The key is the 15% increase. What would it mean to have 15% less budget because of a breach?

While the results of studies like this invite debate, consider the recent experience and admission from eBay after their breach forced them to ask users to reset passwords, including:

"The decline in operating margin was driven by expenses related to the cyber-attack and increased investment to increase the vibrancy of the site," Swan said. "Non-GAAP operating margin was 24.4 percent, down 190 basis points."

Adopting the mindset of “assume breach” may require the associated mindset of “prepare to pay.” The question, then, is whether we'll work proactively to reduce the costs or handle them reactively. Reacting during a crisis tends to drive costs up. It also sometimes confuses thinking and leads to further unnecessary investment.

Ted shared the upside, explaining that “Most firms have already heavily invested in prevention and detection - by definition additional investment in these areas will yield incremental improvement. In contrast, most firms have done relatively little with incident response - additional investment there can have a major impact.”

Better yet: elevate your status

In my experience, a focused approach to incident response that draws others into the program builds relationships, provides insights, and ultimately elevates your status. Here's how:

Involve the business in a range of incidents to find out what the real priorities are. This eliminates the guesswork, takes some pressure off you, and helps you focus on the right things over time.

Spread some of the work and decision making. This is an immediate answer to the challenge of staffing, but it doesn't mean dumping work on people.

Build experience and understanding in a mutual context. This gives you the ability to have a real discussion about risks, staffing, and solutions, based on practice and actual insight.

It is another step toward getting the balance of prevention, detection, and response right. And in the process, you might just get the budget and staffing you need, with the ability to focus on what matters most to the business.