Salus are more than just cybersecurity experts – we're a strategic partner in your digital defence. As a proud holder of the NCSC's Cyber Incident Exercise (CIE) Assured Service Provider accreditation, you can trust us to protect your business from cyber threats.

This achievement is a testament of our commitment to helping organisations strengthen their incident management processes and prepare for cyber incidents.

In this post, we'll explain the value of working with a CIE-assured provider like ours, how the scheme works, and the benefits of leveraging this service to stay one step ahead of cyber threats. Furthermore, discover some examples of tabletop exercises and live exercises that our clients have found helpful in preparing for potential cyber incidents.

1. The Value of CIE and How the Scheme Works

As an CIE Assured Service Provider, we deliver controlled, scenario-based, tailored exercising that conforms to the NCSC rigorous standard. These exercises are designed to support organisations in practising, evaluating, and improving their cyber incident response plans in a safe and controlled manner. This is not about testing your cyber defences but rather exploring and assessing your response plans should a cyber incident occur.

2. Who is it for?

The CIE scheme is aimed at organisations with existing cyber incident response plans, looking to rehearse, evaluate, and improve their processes. This includes:

• A wide range of UK businesses
• Charities
• Public sector and government organisations

CIE covers organisationally significant incidents that have potential for considerable operational, financial, or regulatory impacts. Salus caters to Category 3,4 and 5 incidents on the UK's Cyber Attack categorisation system.

Leveraging Our Expertise

As a trusted partner, Salus is dedicated to helping organisations build resilience against cyber threats. With our expert guidance, you can rely on us to help fortify your business against even the most sophisticated attacks.
Whether you're looking to review and refine your incident response plans or strengthen your overall cybersecurity posture, we've got you covered. Our team is here to support you every step of the way, empowering you to anticipate and respond to cyber incidents.

Here are a few ways in which our CIE services can benefit your organisation:

• Comprehensive Exercise Design: Our team of experts will work with you to design and deliver tailored exercises that meet the specific needs of your organisation. This ensures that you receive a truly bespoke experience that addresses any areas of concern.
• Scenario-Based Exercises: We'll create realistic scenarios that simulate realistic cyber incidents, allowing you to test your incident response plans in a safe environment. Our exercises are crafted to be engaging and thought-provoking, ensuring that you gain valuable insights into the effectiveness of your plans.
• Expert Facilitation: Our experienced facilitators will guide you through each exercise, providing adept guidance and support every step of the way. This gives you assurance that you receive the most value from our services and can confidently apply what you've learned to your own organisation.
• In-Depth Analysis and Reporting: After each exercise, we'll provide a thorough report detailing any areas for improvement, recommendations for change, and tangible findings into how much you can strengthen your security resilience.

The Hidden Value of Exercises

As organisations face increasing cyber threats, it's essential to have a robust cyber security plan in place. One often-overlooked aspect of this plan is exercises – simulated scenarios that allow your team to practice and improve their response to cyber incidents.

While some might assume that exercises are expensive and time-consuming, the truth is quite the opposite. Our exercises are designed to be efficient and effective, with varying levels of scope and complexity to suit your organisation's needs.

Typical Exercises

Some common examples of exercises that we conduct for our clients include:

• Tabletop Exercises: We work with clients to create customised tabletop exercises, either using a proprietary framework or the NCSC's 'exercise in a box' approach. These exercises typically involve a group discussion and simulation of an incident response scenario, with the goal of identifying strengths, weaknesses, and areas for improvement in your organisation's incident response plan.
• Live Exercises: With clear rules of engagement established beforehand, our seasoned penetration testers conduct a live simulation, pushing the limits to uncover weaknesses and demonstrate potential attack scenarios.

Small Scope Tabletop Exercises

For smaller organisations or those just starting out, our small scope tabletop exercises are an ideal introduction to cyber incident response planning. These 1–2-hour sessions can be broken down into half-day increments, making them easy to fit into a busy schedule. Our team will work with you to tailor the exercise to your specific needs and goals.

Larger Scope Tailored Tabletop Exercises

As organisations grow and become more complex, so do their cybersecurity needs. Our larger scope tabletop exercises are designed for those who require in-depth support. Typically lasting 3-4 hours with numerous stakeholders, these exercises allow our team to work closely with yours to simulate a range of scenarios and challenges.

Live Exercises

For advanced organisations or those requiring a high level of realism, our live exercises are the ultimate test of your cybersecurity effectiveness. These week-long engagements involve extensive reconnaissance, planning and execution, allowing us to push your team to its limits in a safe and controlled manner.

The Cost? Not as much as you think

While we believe that exercises offer unparalleled value, we also understand that budget is always a consideration. Our pricing model is flexible and scales with the size of your organisation and the level of complexity you require.

Contact us to learn more about how our exercises can be tailored to suit your specific budget and needs.

Benefits of Exercises

By participating in tabletop or live exercises, clients can:

• Identify areas for improvement in their incident response plan.
• Test the effectiveness of their incident response procedures.
• Enhance their organisation's preparedness and resilience against cyber threats.

At Salus, we strive to simplify the intricacies of cybersecurity, providing actionable insights and practical solutions for real-world challenges. Our NCSC-assured CIE service is designed to put your incident response plans and procedures to the test, helping you to be ready to manage potential disruptions. Together, we can prepare your organisation for the unexpected, ensuring you're equipped to handle any type of cyber incident with poise and precision.

Useful Links

Link to the provider info

Introduction to Cyber Incident Exercising - NCSC.GOV.UK

Categorising UK cyber incidents - NCSC.GOV.UK

Tabletop exercises