During an audit as a third party security consultant you are told that the organization being audited conducts an exercise annually during which prominent IT staff and the security team gather in a meeting room and discuss how they would handle various security incidents and disaster scenarios. This exercise is then used to update any policies and playbooks. What type of exercise are they describing?
Business Impact Exercise (BIE)
Incident Response Planning (IRP)
Dungeons and Dragons (DND)
|Operations and Incident Response|
|Architecture and Design|
|Governance, Risk, and Compliance|
|Attacks, Threats, and Vulnerabilities|