22NTC Session: IT
Planning for Failure: Making Sure Things Fail Safely
Submitted by: Colin Boyle | Step Up Suncoast


Look, no matter how much you plan, your stuff is going to fail. Stuff breaks, the world is full of people whose job it is to break into your network, and you have certainly cut a corner somewhere.

Now that we’ve made peace with the idea that our best laid plans will at some point go awry, how do we make sure that we minimize the damage?

We’ll talk briefly about the NIST Risk Management Framework.

We’ll talk about Risk Assessments and how to do them.

We’ll talk about making a formalized data breach plan: who gets notified and in what order, what the plans are to mitigate the breach, and how you resume normal operations.

We’ll talk about doing a pre-mortem. Do a drill in which you pretend your systems have failed. Ask yourself how they would fail and how to mitigate it.

You absolutely need to involve others in your planning. Outside perspectives are crucial to good planning.

Hopefully 5-10 minutes for questions.

By the end of the session, attendees should have a grasp of NIST Risk Management, Risk Assessments, and incident planning.

Session Type

60 minute session

Learning Outcomes

  • Basic NIST risk management
  • How to lead a risk assessment
  • Incident protocol planning

Target Audience

IT decision makers, security staff, IT staff


March 25, 2022


10:00am – 11:00am PST