Tabletop Exercises for Cyber Incident Response

Photo by fauxels

Tabletop exercises are effective tools for assessing a Cyber Incident Response team's ability to protect and preserve sensitive data.  In a tabletop exercise, team members talk through their response to a scripted scenario rather than operating live systems; because it is discussion-based, it tests the plan, the decision-making, and the communication paths rather than the technical controls themselves.  This provides an evaluation of whether the Cyber Incident Response Plan's technologies, processes, and personnel can maintain the confidentiality, integrity, and availability of information.

Types of Tabletop Scenarios

Scenarios can be created that are relevant to every business sector, from a large organization running Internet of Things (IoT) technology in critical infrastructure to a small organization working out how to deal with data breaches and ransomware attacks.  Scenarios need not be limited to computer networks; an exercise can also cover natural disasters such as fires, floods, and storms that threaten the availability of systems and data.

Scenarios should also cover data shared with third parties, since a compromise at a vendor or service provider can threaten an organization's supply chain.  Insider threats should be considered as well, including malicious or negligent actions by employees and contractors.  In short, every involved party should be included and every relevant class of cybersecurity threat considered when appraising the incident response plan.

Sources for Tabletop Exercises

A number of standards are available for conducting these sessions, and sources should be selected based on the requirements of the organization.  One such standard is NIST SP 800-84, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities, from the National Institute of Standards and Technology (NIST).  Under SP 800-84 a tabletop exercise is a discussion-based session led by a facilitator, who presents the scenario and prompts participants, often in breakout groups, to walk through how the plan would be applied.

The Cybersecurity and Infrastructure Security Agency (CISA) also publishes tabletop exercise packages covering numerous threat vectors, including ransomware, insider threats, and phishing.  Materials are available for specific organization types, such as local governments, schools, industry, health care, and infrastructure such as water systems.

Guidelines for Getting the Most From Your Exercise

Firstly, understand and define the risk environment for your organization.  This should be a process that involves upper management and all stakeholders.  Many risks can be mitigated, but others, such as a meteor strike, may simply be accepted.  The resulting list of risks sets the boundaries for your exercise session: scenarios should be drawn from the risks the organization has decided to treat.

Secondly, complete your Incident Response Plan.  It is impossible to assess something that has not been formalized.  Create the plan and give your team members ample time to understand it.  This leads to a fruitful exercise that illuminates where the plan is likely to succeed and where changes need to be made.

Information Security Management Systems

Ultimately an organization must address risk systematically to manage any deterrence or mitigation plan effectively.  This involves identifying the risks, planning mitigations, assessing the effectiveness of those plans, and acting on the findings to continually improve performance.  To oversee a cybersecurity framework in this way, an Information Security Management System (ISMS) is required.

An Information Security Management System is a collection of policies, procedures, and controls that systematically address information security in an organization.  It is a framework based on risk assessment and risk management.  The most widely recognized and adopted ISMS standard in the business environment is ISO/IEC 27001, which shares many features with a quality management system standard such as ISO 9001, including its emphasis on continual improvement.

Because an ISMS is a management system, it incorporates mitigation strategies beyond technical solutions such as firewalls and antivirus programs.  As such, an ISMS must be designed to the specific requirements and risk profile of an organization.  This includes establishing objectives for the security controls and identifying all information assets within the organization (this covers electronic data, people, and paperwork).

CVG Strategy Information Security Management System Consultants

To assist businesses handling Controlled Unclassified Information (CUI) in meeting the challenges of implementing and maintaining an Information Security Management System (ISMS), CVG Strategy has developed an approach that combines the requirements of Cybersecurity Maturity Model Certification (CMMC) compliance with the ISO/IEC 27001 information security management system.  This provides a coherent methodology for implementing and maintaining essential cybersecurity for businesses of any size.

We can help you meet your information security management system goals.  CVG Strategy ISMS experts are Exemplar Global Certified Lead Auditors.  We can provide the training required to understand and engage in an ISMS and make it meet desired objectives.  We can also provide assessment services, including Tabletop Exercises for Cyber Incident Response, to validate your organization's ability to protect and preserve sensitive information.

Kevin Gholston
