Creativity is encouraged and questions are welcomed.
Each group will play the roles and address the crisis from a different perspective.
The Chief Information Security Officer (CISO) Role: The CISO must be prepared to brief the CEO on the technical security aspects of the crisis. Be prepared to explain what happened, what the best course of action is, and why. What could you have done to Detect, Protect, and Correct this incident? What is your 30-, 60- and 90-day plan for recovery?
The Public Affairs Officers (PAO) Role: Be prepared to address the incident from a public policy and legal standpoint. What information do we tell employees, stakeholders, the public and law enforcement? Who should be authorized to talk with the media? Did we have a plan in place? What is our plan going forward to manage the damage? What are the legal implications of this incident (to the company, to the individual responsible)?