The workshop focused on improving awareness on cybersecurity incident response and reporting, including reporting obligations to the department and the applicable regulatory authorities.
Consultants from Tesserent facilitated the workshops and provided an overview of the Cyber Threat Landscape.
The workshop provided groups with information about a fictional ransomware incident. Participants made judgements and decisions about dealing with the incident based only on the information provided.
This gave participants a sense of the uncertainty often experienced when an incident occurs, and of working as a team to address the uncertainty and plan a response.
The workshop recommended that each organisation:
- Establish Cybersecurity Incident Response Plans and Playbooks
- Conduct regular cybersecurity incident response exercise and including reviewing the plan reviews.
- Understand and document the organisation’s reporting obligations with respect to cybersecurity incidents.
- Register to access DFFH’s VPDSS SharePoint site for additional guidance on cybersecurity best practices and then access the department’s Funded Agency Incident Reporting Guide
- Review and improve the organisation’s cybersecurity program
- Participate in future cybersecurity workshops.