Run regular simulations - AWS Security Incident Response Guide

Run regular simulations

Organizations grow and evolve over time, as does the threat landscape. Because of this, it’s important to continually review your incident response capabilities. Simulations are one method that can be used to perform this assessment. Simulations use real-world security event scenarios designed to mimic a threat actor’s tactics, techniques, and procedures (TTPs) and allow an organization to exercise and evaluate their incident response capabilities by responding to these mock cyber events as they might occur in reality.

Simulations have a variety of benefits, including:

  • Validating cyber readiness and developing the confidence of your incident responders.

  • Testing the accuracy and efficiency of tools and workflows.

  • Refining communication and escalation methods aligned with your incident response plan.

  • Providing an opportunity to respond to less common vectors.