5 Questions (and more) With…Ranji Abraham and Cinda Haff

Indiana University’s Ranji Abraham, director of enterprise applications, and Cinda Haff, emergency management and continuity program director for the Office of the Vice President for Information Technology, talk with us about how they evaluate and prepare for cybersecurity threats through simulation exercises and staff training in order to increase their resilience.

Cybersecurity threats happen constantly. What are you doing for cyberattack preparedness?

Cyberattacks are a daily concern for information technology organizations, and those threats can come in many different types with varying impacts to computing services. Key components to prepare for the potential occurrence of attacks include creating disaster recovery plans for computing services, defining processes and procedures for responding to cyberattacks, and exercising those plans. Another key component to responding to cyberthreats is to train staff on how to monitor for potential attacks and steps to follow if an attack occurs.

Tell us more about what a tabletop exercise is.

A tabletop exercise is a discussion-based simulation of events that mimic a potential real-life situation, providing participants the opportunity to practice responses to the emergency conditions. The purpose of an exercise is to test and validate steps that would occur in response to the simulated emergency conditions, and then determine where process strengths are and if there are gaps that require improvements moving forward.

Can you give us a scenario you would simulate in your tabletop exercise?

As an institution, we rely on the confidentiality, integrity, and availability of various systems. We recently ran an exercise where some of these factors were compromised in our instance of CBORD’s CS Gold card system. We wanted to see how that might impact university operations, and how we would work to restore functionality.

Why is it important to do these types of exercises?

Exercises provide an organization with opportunities to simulate emergency situations in a low-stress environment to assess processes and procedures in response to potential real-time events that could occur. They provide opportunities to test communication plans, assess allocation of resources, determine gaps in recovery plans, and clarify roles/responsibilities – and they assist in building staff confidence in response to real emergencies.

Who across your organization is involved in creating your plan and acting out the exercises?

Indiana University Office of the Vice President for Information Technology utilizes the FEMA Incident Management System that contains defined roles and responsibilities for emergency needs. The emergency management program director coordinates the design of the exercises with assistance from subject-matter experts, depending upon the scenario being exercised. All members of the department’s incident management team structure participate in the exercises, which includes approximately 100 staff members.

How do you evaluate your process and enhance your response and recovery plans?

Goals and objectives for the exercise are defined in the initial design. The organization evaluates the results compared to those goals and objectives. Upon completion of the exercises, an after-action report is generated that outlines the pluses and minuses of the activities during the exercise. That information is then utilized for action steps to address gaps that were identified in the exercise to facilitate continuous improvement.

What do you think of the concept of putting cohorts together to help organizations learn and teach one another?

Collaborating with cohorts, especially with similar profiles, would be extremely valuable. Sharing best practices on how to prepare for threats to specific systems (i.e., CS Gold) allows for the whole community to benefit from our collective experience.

Where are you in this process now? What’s next?

After the exercise was completed, we engaged with CBORD staff to review some of the findings. We are implementing the feedback from the exercise and suggestions from CBORD as we increase our operational resilience and improve our effectiveness in responding to future threats.

Interested in learning more about how CBORD can support you in evaluating and preparing your organization to handle cybersecurity threats? Contact us today!