Enterprise cybersecurity programs take many forms to address unforeseen – and hopefully never occurring – data intrusions into your network. You’ve authored policies and implemented systems, but ultimately time passes. When was the last time your organization tested the cyber readiness of your team? When did you last measure the responsiveness to an attack on your computer network?
A “tabletop exercise” might be in your future. FEMA defines this process as “…an instrument to train for, assess, practice, and improve performance in prevention, protection, response, and recovery capabilities in a risk-free environment.”
Organizing a tabletop exercise may be the most effective evaluation to determine how your teams and your planning will react to a speculative or mock threat – such as a data breech or ransomware. The session can introduce a real-world scenario that: 1) utilizes your company’s actual enterprise response plan; 2) measures your team’s response and actions; and 3) provides for a gap analysis and evaluation of the plan and your teams reactions.
Like the name suggests, a tabletop exercise is normally held in an informal or meeting-like setting. It introduces a pre-selected scenario to the group, allowing for key resources to interact with others and perform the expected (planned) actions as outlined in the response plan. These sessions may typically last 2-4 hours, though some may last several days depending on how elaborate the plan and scenario are.
The outcome of the exercise gives you a highly effective, yet cost saving, test of your enterprise plan, resources and execution, all without endangering your data systems.
A comprehensive guide to tabletop exercises can be found at the CISA.gov website here. You’ll find scenarios, planning guides, evaluation criteria and feedback forms.
A key to a successful response plan is the continual review, test and modification as your enterprise grows and matures.
If you’d like to discuss a tabletop exercise for your organization or need assistance in reviewing the results and addressing any issues or concerns, contact me at firstname.lastname@example.org.
About the Author
Michael Hahn is Head of Security Practice for Prolifics, with more than 20 years of cybersecurity advisory and consulting experience to fortune 500 and government entities. As a technology leader and innovator, Michael has a track record of partnering with clients to enable unique, resilient and secure solutions within the IT space.