By running through scenarios in a controlled environment, these exercises are a great way to identify any gaps or weaknesses in an organisation’s existing incident response plans and develop better strategies for responding to an incident.
What Are Cyber Incident Tabletop Exercises?
Cyber Incident Tabletop Exercises are role-playing exercises to help organisations test their preparedness and response to a potential cyber incident.
During a tabletop exercise, participants will typically work through a series of challenges and decision points, discussing how they would respond in each situation.
The purpose of the exercises is to learn, practice and play out various Cyber Security Incident Response scenarios. This allows you to test your staff’s reaction to an incident and simply see what could happen within your organisation when a compromise, data loss, false positive, insider threat or any other relevant situation happens.
They also give you the opportunity to see where the flaws are in your current incident response plans, without exposing the organisation to a live incident.
Exercises can be based and focused at board level, technical department, or specific to a type of team or environment. They can contain technical or non-technical contents, and evolve to include real-life attack artefacts and techniques that are designed to mimic malicious software or trigger the detection systems in place. These test not only your systems, but how your organisation and staff will react within a controlled and safe environment.
How Do Tabletop Exercises Work?
Tabletop exercises are completely tailored to your industry and organisation.The scope of the scenario is detailed following scoping calls with the relevant stakeholders and technical teams to understand the context of your organisation, for example, common threats, industry specifics, staff, infrastructure, technology and more.
These points are fed into the background and preparation phase of the exercise and used to tailor the scenarios and injects used.
At 3B Data Security, our staff would then meet with the chosen team participating in the exercise (online or in-house) and introduce the scenario.
From observing the ways in which the relevant teams deal with elements of the scenario-based exercise, our staff injects and guides the teams through numerous paths of different situations to mimic real-life cases and courses of action to play out and replicate what could occur or what has actually occurred from previous incident response cases.
The process and scenarios evolve constantly as the real-life intelligence from the day-to-day investigations is fed back into the exercising process as new techniques, artefacts and methodologies are discovered.
Our team would then make recommendations on improving the organisation’s preparedness and resilience when facing such incidents. Where necessary, assistance is given with response planning and playbook creation or revision.
Our team of experts have been involved in incident response in excess of 20 years. During this time, they have responded to and resolved emergency cyber incidents in all types of organisations from sole proprietorships to international blue chip organisations.
We use this knowledge and experience to proactively guide our clients and replay the scenarios, lessons learned and organisation reactions to help evolve and develop the cyber security and incident response maturity.
Get in touch with us today to find out more about our Tabletop exercises and how they can help improve your organisation's current cyber incident preparedness.