Design a Tabletop Exercise to Support Your Security Operation

Trust but verify that you are prepared for the next threat.

RETIRED CONTENT

Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Organizations that do not properly test organizational threat workflow through tabletop exercises risk being the next threat victim, exposing the organization to the next major headline. This is because:

  • Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
  • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.

An effective tabletop exercise can be used to:

  • Ensure organizational preparedness.
  • Identify effectiveness of the overall security program.
  • Streamline the security management program.
  • Identify people, process, and technology gaps.
  • Reduce incident costs and remediation time.
  • Increase operational collaboration between prevention, detection, analysis, and response efforts.
  • Enhance security pressure posture.
  • Improve communication with executives about relevant security risks to the business.
  • Preserve reputation and brand equity.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Plan

The Purpose

Evaluate the need for a tabletop exercise.

Key Benefits Achieved

Defined drivers, challenges, methodologies, and needs.

Activities: Outputs:
1.1 Establish drivers and challenges for the tabletop exercise.
  • Documented drivers, challenges, methodologies, and needs
1.2 Document exercise methodology.
1.3 Identify needs and requirements.

Module 2: Design

The Purpose

Determine the topics, scope, objectives, and participant roles and responsibilities for the tabletop exercise.

Key Benefits Achieved

Documented threats, incidents, stakeholders, and logistics.

Activities: Outputs:
2.1 Determine the threats, incidents, and topics for the tabletop exercise.
  • Identified threats, incidents, and topics
2.2 Identify and assess people, process, and technology.
2.3 Coordinate the logistics.

Module 3: Develop

The Purpose

Create briefings, guides, reports, and exercise injects.

Key Benefits Achieved

A plan to develop exercise materials and evaluation criteria.

Activities: Outputs:
3.1 Develop exercise facilitation materials.
  • Facilitation Guide
3.2 Develop exercise injects.
  • Exercise Injects
3.3 Ensure continuous improvement.
3.4 Develop a threat escalation protocol.
  • Evaluation Criteria

Module 4: Conduct

The Purpose

Host the mock exercise in a conference or classroom setting.

Key Benefits Achieved

Execution of a mock tabletop exercise.

Activities: Outputs:
4.1 Conduct a mock tabletop exercise.
  • Tabletop Exercise Inject Examples
  • Mock Tabletop Exercise Results

Module 5: Evaluate

The Purpose

Document exercise findings, lessons learned, and next steps.

Key Benefits Achieved

A plan to ensure measurement and continued improvement.

Activities: Outputs:
5.1 Ensure continuous improvement.
  • A plan for continuous improvement
5.2 Perform an evaluation of the tabletop exercise.
5.3 Schedule an after-action review with appropriate stakeholders.
  • After-Action Review
Visit our IT Critical Response Resource Center
Over 100 analysts waiting to take your call right now: +1 (703) 340 1171