This document discusses the importance of testing security and business continuity plans through exercises and drills. It provides reasons for testing such as determining the soundness of policies, enhancing compliance, and assessing readiness. The document outlines dimensions of testing like prevention, detection, and response. It also gives examples of planning tests for IT security and a physical disaster. After tests are conducted, the document recommends reviewing results, discussing observations, documenting issues, and updating plans.