Simulation and Continuity of Operations (CoOP) Strategy Development
Setting a comprehensive simulation and testing strategy is the cornerstone to establishing a genuine ‘trust but verify’ oversight capability. This strategy should be comprehensive and built to verify that the organization is achieving the desired residual risk targets described in the organization’s risk appetite statement. Key Performance and Key Risk Indicators (KPIs & KRIs) should be documented in the organization’s enterprise risk register. The scope and priority of the simulation should be tightly coupled to the strategic goals of the enterprise. The scenarios selected should accurately verify the organization’s capability to address the most significant risks and corresponding potential impact. The ultimate goal of the program is to establish a confirmed level of confidence that your organization can maintain critical business capabilities during and restore normal operations following a sophisticated, disruptive event.
Risk Neutral has worked with clients to improve the quality and realism of their scenarios to more accurately reflect the impact, velocity and sophistication of real-world disruptive events. Tabletop exercises are a great place to start this process but should not be the only form of simulation relied upon by the senior leadership team. Leveraging OSINT (Open Source Intelligence) techniques and leading industry threat trending resources such as the MITRE ATTA&K Framework, the annual Verizon Breach Report, InfraGard and relevant ISAC (Information Sharing and Analysis Centers) bulletins adds a level of refinement to your simulation and testing strategy that reflects the most up to date risk and threat trends. With decades of Continuity of Operations (CoOP) and Business Continuity Planning (BCP) experience, over 70+ industry certifications, and participation in a wide range of risk, fraud, physical and cyber professional associations Risk Neutral is in a unique position to assist organizations in maturing this critical strategy development capability.
Effective Simulation Processes Require Both Discussion and Operational Exercises