Every C-Level executive and senior manager has their own personal nightmares of “off the air” and “risky business”. Your personal nightmare might be the kidnapping of your workers: who could forget Ross Perot’s heroic rescue of his two EDS staffers from Iran in 1978? Or as extreme as the kidnapping, torture and execution of a valued employee: remember the televised beheading of Wall Street Journal’s Daniel Pearl in 2002?
Maybe your nightmares are more financially grounded, such as the impact on your business of a smaller scale version of the multi-billion dollar insider global electronic bank fraud that occurred just last week. You might be bugged by the parade of constantly updated cyber-crime reports that make hacking, cyber-fraudc, electronic extortion and malicious and untrustworthy software seem like business as usual.
You could be losing sleep worrying about science-fiction-like threats such as home built electromagnetic pulse weapons being used increasingly by terrorists, competitors and disgruntled insiders to eviscerate your electronic infrastructure: routers, servers, cell phones, iAnything, and all other things digital. And to top it all off the real meaty and valuable reports remain shrouded in a specialized language impenetrable to most C-Level and senior level managers.
Clearly the C-Level and senior executive skillset of 2012 must be broadened to include these new threats to the continuity of your business. You don’t personally need to know how to disarm an electromagnetic pulse weapon wielding terrorist in your corporate computing cloud. But, you do need a better understanding of emerging threats and risks from the bad buys if you are truly to remain the informed and prepared steward of your company, public or private, big or small.
This begs the question, how does one gain such knowledge and experience without going through a real life cyber catastrophe? The Infosec Society of the Technology Association of Georgia is providing one answer: we are creating a cyber attack and business continuity simulation to give C-Level executives, senior management and their supporting security teams the chance to respond to a realistic scenario. You may be one of the three dozen or so individuals role playing in scenario positions parallel with your real job. Or maybe you will be one of the hundreds of observers. Either way you will learn things that you can’t learn any other way, except the “real thing”. And all in about 3 hours.