Incident Response testing is critical. A lot of banks are doing it, but some still aren't. It is required to achieve Baseline maturity in the 2015 FFIEC Cybersecurity Assessment Tool (D5.IR.Te.B.1 for those following along).
But what kind of 'scenarios' should your team be considering to improve incident detection and response?
Well, not long ago, I would have advised you to check out the threats at FS-ISAC, and pick one to discuss. But that would require some thought ahead of time on the right questions to ask to make the testing truly effective. And even then, will that be good enough? Will it satisfy examiners?
Recently, though, a colleague of mine told me about the FDIC Cyber Challenge resources, and that he had good success in using the scenarios and outlines as great starting points for Incident Response table-top testing.
Disclaimer #1: I had heard about these a while ago.
Disclaimer #2: At the time, I was dismissive of how useful they could be.
Disclaimer #3: I stand corrected.
Disclaimer #4: But the videos are still a bit corny at times.
Here's how you use them:
You show the video to the team, and then use the Challenge Materials PDF for that video to lead the team in discussion. Document the responses to the questions and any changes that need to be made to the Incident Response Plan, and you can mark that portion of the CAT as a YES.
So my recommendation would be that if you are struggling to come up with testing scenarios (or even if you are not), you should check it out and give a couple a try. I can't see examiners being too critical of you (especially if you are examined by FDIC) if you are using a recommended resource that they've provided.