Cybersecurity Tabletop Exercise
Rehearsing for a cybersecurity incident to uncover gaps in your incident response plan and test your team’s ability to respond
What Is a Tabletop Exercise?
Your organization has established an incident response plan. However, do all the identified stakeholders in the plan know what to do when an incident occurs? Similar to a fire drill, the purpose of the tabletop incident response plan exercise is to prepare the client’s technical and executive team to effectively handle significant security incidents prior to an actual incident occurring in real life.
The tabletop exercise is a virtual, role play exercise that is intended to simulate a real-life experience. It is a guided exercise led by our Incident Response Handler. Various events, obstacles, challenges, and communications will be put to the client team in order to give a perspective of a real-world cyber incident.
Stakeholders and Process
Set the scene and create a backstory
Conduct the tabletop exercise online
Conduct a review and recommendation briefing
Incident response plan
An incident response plan is a set of procedures that your organization will follow in the event of a security breach. IRPs should support the organization and be well embedded into organizational policies to ensure that there is a wide reach. Organizations that do not integrate IRPs into policies increase their risk of staff being unable to execute on the documented procedures. Having a well-executed incident response plan provides internal and external stakeholders assurance that your organization is prepared to reduce recovery time objectives (RTOs) thus minimizing the impact of breaches. Organizations should follow well established, well-reputed frameworks when constructing IRPs. Most incident response plans have 6 high-level steps to follow: Prepare, Identify, Contain, Eradicate, Recover and Conduct Lessons Learned
Incident Response Retainer
An incident Response Retainer (IRR) is a service that allows you to get additional help with cyber incidents.
Data forensics, 24-hour response number, incident response specialists and other service providers will be available to your team.