Skip to main content

Safe and reliable: Business continuity exercises of .si


TTX (Tabletop Exercise) is a crisis management exercise. Members of the organization act out a response to a certain event, incident or information security threat. This is a way to check and improve the organization’s readiness for potential security incidents.

Registry .si has set itself the goal of conducting a yearly crisis management exercise in its business continuity policy. Through this, we test our responsiveness to information security threats. At the same time, the exercise allows us to test our procedures, identify potential deficiencies, and improve our security incident response capabilities. We believe such exercises are crucial for our effective management and reduction of risks related to information security and for ensuring the business continuity of .si.

All employees participate in the exercise. The employees play the roles that we perform as part of our regular work process. This helps to contribute to a comprehensive test of the responsiveness of the Registry .si to security incidents. Even though that these types of exercises are announced and planned, there is always some nervousness and uncertainty in the team.

Imagine that the employee on duty informs us via the internal notification channel about unusual activities in the network. He/She suspects our network infrastructure is being attacked with ransomware, malicious code.

The IT team immediately checks the event more closely. The crisis team is immediately gathered and the business continuity plan is activated since it is determined that the attacker successfully broke into the network, gained access to important systems and he/she encrypted sensitive data on the servers. While tackling the incident, we also receive a notification on crypto-ransomware. The resolution of the incident is continuously monitored and managed by the crisis manager. The crisis IT team implements all necessary measures to contain and resolve the incident and searches the source of the attack. We also address compliance issues and decide whether to pay the ransom. Members in charge of public relations are also actively involved in the process. They prepare messages for employees, stakeholders and the media. Messages and statements contain all the necessary information about the incident and the measures taken.

Such simulations allow us to identify deficiencies in existing procedures, technologies, employee knowledge and the opportunity to verify the effectiveness of security incident response plans, which primarily include rapid identification and response to threats and the participation of all relevant employees. Through such an exercise, we also check if the communication channels are effective, which can be crucial when it comes to real security incidents. After the exercise, employees evaluate what was done well and where we can still improve – we identify shortcomings and develop a plan to improve response strategies for incident handling.

At the Registry .si, we believe that the key to reducing the risks and identifying potential threats is raising employee’s awareness of information security. We learn how to safely handle sensitive information and how to prevent unwanted situations such as data loss or unauthorized access. Last but not least, such exercises encourage us to actively participate. This strengthens the overall safety culture and improves mutual trust and relationships.

Similar articles

36th CENTR Marketing workshop in Ljubljana

At the end of October, the .si Registry hosted the Marketing Section of the Association of European Registries – CENTR in Ljubljana

More …

Trademarks, geographical indications and internet domains

Trademarks, geographical indications and internet domains are three separate rights, but due to their similar use on the internet, they are often interconnected and therefore easily confused. Trademarks and geographical indication designate the origin of the goods or services and the connection between these goods/services and a specific provider. A domain can also have the same function.

More …

Studies on DNS Abuse – reality check or industry incentive?

In July 2022 the Interisle Consulting Group published their annual study on the prevalence of phishing attacks. Interisle, a private consulting firm consisting of industry experts, some of which have held positions at ICANN, analysed over three million phishing reports from 1 May 2021 to 30 April 2022 from multiple intelligence providers, but also took into account data from 2020 to create an biennial overview of phishing attacks – fraudulent practices of sending emails or setting up websites purporting to be from reputable companies in order to induce internet users to reveal personal information, such as passwords and credit card numbers.

More …