Enterprise cybersecurity programs take many forms to address unforeseen \u2013 and hopefully never occurring \u2013 data intrusions into your network. You\u2019ve authored policies and implemented systems, but ultimately time passes. When was the last time your organization tested the cyber readiness of your team? When did you last measure the responsiveness to an attack on your computer network?<\/p>\n
A \u201ctabletop exercise\u201d might be in your future. FEMA defines this process as \u201c\u2026an instrument to train for, assess, practice, and improve performance in prevention, protection, response, and recovery capabilities in a risk-free environment.\u201d<\/p>\n
Organizing a tabletop exercise may be the most effective evaluation to determine how your teams and your planning will react to a speculative or mock threat \u2013 such as a data breech or ransomware. The session can introduce a real-world scenario that: 1) utilizes your company\u2019s actual enterprise response plan; 2) measures your team\u2019s response and actions; and 3) provides for a gap analysis and evaluation of the plan and your teams reactions.<\/p>\n
Like the name suggests, a tabletop exercise is normally held in an informal or meeting-like setting. It introduces a pre-selected scenario to the group, allowing for key resources to interact with others and perform the expected (planned) actions as outlined in the response plan. These sessions may typically last 2-4 hours, though some may last several days depending on how elaborate the plan and scenario are.<\/p>\n
The outcome of the exercise gives you a highly effective, yet cost saving, test of your enterprise plan, resources and execution, all without endangering your data systems.<\/p>\n
A comprehensive guide to tabletop exercises can be found at the CISA.gov website here<\/span><\/a>. You\u2019ll find scenarios, planning guides, evaluation criteria and feedback forms.<\/p>\n A key to a successful response plan is the continual review, test and modification as your enterprise grows and matures.<\/p>\n If you\u2019d like to discuss a tabletop exercise for your organization or need assistance in reviewing the results and addressing any issues or concerns, contact me at cybersecurity@prolifics.com<\/span><\/a>.<\/p>\nAbout the Author<\/h4>\n