• United States



UK Editor

CREST, IASME to deliver UK NCSC’s Cyber Incident Exercising scheme

Sep 26, 20233 mins
Data and Information SecurityIncident ResponseIT Governance Frameworks

CIE scheme aims to help organisations find quality service providers that can advise and support them in practising cyber incident response plans.

uk united kingdom fallback generic shutterstock
Credit: Shutterstock

Cybersecurity membership body CREST and the Information Assurance for Small and Medium Enterprises (IASME) consortium are partnering with the UK National Cyber Security Centre (NCSC) to deliver its new Cyber Incident Exercising (CIE) scheme. The CIE scheme aims to help UK businesses find high-quality service providers that can advise and support them in practising cyber incident response plans.

Organisations wishing to join the CIE scheme will be assessed against the NCSC CIE Standard by CREST and IASME, who will manage the onboarding, monitoring, and offboarding of providers. The CIE scheme will launch fully later this year, with registrations now open for organisations to apply to become assured providers.

CIE scheme assures cyber incident response plan practice providers

The CIE scheme is for organisations providing tailored exercises for client organisations which already have cyber incident response plans in place. Service providers will be assured of two delivery methods, the NCSC wrote.

The first is tabletop exercises - discussion-based sessions where representatives from relevant teams meet to discuss their roles and responsibilities, expected activities, and key decision points in accordance with an incident response plan. Discussion is facilitated by the provider and driven by a prepared cyber incident scenario.

The second is live play exercises, where team members execute their roles and responsibilities in response to controlled injects which represent a given cyber incident scenario. Different participants will typically receive different sets of injects, while activities and decisions happen in close to real-time with the incident pace and timeline governed by an exercise controller. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

CIE standard covers incidents affecting a single organisation

The scope of the CIE standard covers exercises designed to simulate incidents which have a significant impact on a single client organisation. It does not cover incidents spanning multiple organisations or Category 1 and Category 2 incidents, as defined by the UK cyberattack categorisation system.

"We are really looking forward to working with companies of all sizes and in all areas of the UK to deliver this important scheme," said Dr Emma Philpott MBE, CEO of IASME. "We feel strongly about ensuring that the scheme is accessible for smaller cybersecurity companies to become assured providers."

With rising cyberattacks on enterprises of all types, effective cyber incident response is one of the most important parts of building cyber resilience, added Rowland Johnson, president of CREST.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author