Security Incident Response Simulations - AWS Security Incident Response Guide

Security Incident Response Simulations

Security Incident Response Simulations (SIRS) are internal events that provide a structured opportunity to practice your incident response plan and procedures during a realistic scenario. SIRS events are fundamentally about being prepared and iteratively improving your response capabilities. Some of the reasons customers find value in performing SIRS activities include:

  • Validating readiness.

  • Developing confidence by learning from simulations and training staff.

  • Following compliance or contractual obligations.

  • Generating artifacts for accreditation.

  • Being agile and gaining incremental improvement with focus.

  • Improving speed and tools.

  • Refining communication and escalation.

  • Developing comfort with the rare and the unexpected.

For these reasons, the value derived from participating in a SIRS activity increases an organization's effectiveness during stressful events. Developing a SIRS activity that is both realistic and beneficial can be a difficult exercise. Although testing your procedures or automation that handles well-understood events has certain advantages, it is just as valuable to participate in creative SIRS activities to test yourself against the unexpected.