Incident Response Program
- Readiness and Detection Review
- BIA (Impact Analysis) / Risk Assessment
- Computer Security Incident Response Plan (CSIRP) Development
- Computer Incident Response Team (CIRT) Development
- First Incident Responder Training
- Dark Web Investigation and Monitoring (OSINT)
- Table Top Exercises
- Attack Simulation & Response Exercise (Red / Purple Team)
- Annual Review
- Emergency Incident Response / DFIR
- SOAR / Adaptive Security Use cases and strategy
5 Reasons Why Tabletop Exercises Can Strengthen Your Incident Response
1) They deliver an excellent return on investment.
Relative to other tactics you could choose to assess security capabilities, a tabletop exercise typically has a lower cost and requires fewer resources while still delivering useful information quickly. If you engage with an outside expert like Trustwave, they’ll develop a customized scenario for you, which means your team can get results from just a few hours of participation.
2) Security processes and team members are tested in a safe environment.
Unless your organization is particularly vulnerable – or unlucky – you’re not responding to incidents all the time. A tabletop exercise lets everyone focus on how they’d respond to a specific cyber incident without the risk and stress of a real-world situation.
3) Team members from all levels and parts of your organization can join.
Security emergencies affect technical team members, business owners, executives and others throughout your organization. A well-written tabletop scenario helps everyone familiarize themselves with their role during an incident. Like an actual emergency, varying team members will participate at different times and have unique responsibilities, but everyone can have an opportunity to engage during the exercise.
4) They identify gaps and can help you improve your IR plan.
Once the tabletop exercise is underway, interactions among participants will uncover whether roles are understood, communication lines are clear, procedures are available and more. All this information will give you a realistic view of the effectiveness of your security processes and procedures, and highlight gaps to fill or areas to improve.
5) You will learn about issues before they happen for real.
Of all the reasons to conduct a tabletop exercise, this is arguably the most important. Tabletop exercises are great at identifying questions that need answers, responsibilities that need owners or processes that need developing. These might be as simple as identifying the team member who is responsible for notifying law enforcement of a breach – or perhaps something more involved, like defining criteria for quarantining versus rebuilding infected systems. Whatever issues are identified, it is better to identify and resolve them in a safe setting during or after an exercise than on the fly while responding to a legitimate security emergency.
If you lack the internal resources to stand up a tabletop exercise yourself, our experienced Trustwave SpiderLabs DFIR Consulting team members can help get you up and running. A member of our team starts by working with you to understand your organization’s environment, personnel and objectives. Learn more about Trustwave SpiderLabs DFIR Consulting services.
- carnegie mellon university – incident managment capability assessent workbook
- ISO/IEC 27035-1:2016 Information technology — Security techniques — Information security incident management — Part 1: Principles of incident management
- NIST NIST.SP.800-61r2 Computer Security Incident Handling Guide – https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
- Data breach preparation and response RSS feed – https://www.oaic.gov.au/privacy/guidance-and-advice/data-breach-preparation-and-response/