Incident Response Tabletop Exercises are an important form of organizational training.
The purpose of the tabletop exercise is to validate the existing Information Security Incident Response Plan and identify its strengths and weaknesses. Conducting these exercises promotes changes in attitudes and perceptions, and enhances the overall cyber response posture and collective decision-making process of participating teams and stakeholders.
The objectives of the incident response tabletop exercise include the following:
Benefits of a Tabletop Exercise performed by RedLegg include:
Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.
Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.
Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.
Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.
Objective | Participants | Scenario | Planning | Engagement | |
Technical | To assess IR Plan in regards to technical staff roles and responsibilities. | Security Managers, Analysts, Technical Staff | Custom | Kick-off call | 4 hours on-site |
Technical + Executive | To assess IR Plan in regards to company-wide roles and responsibilities. | Technical + C-suite, Counsel, PR | Custom | Kick-off call | 4 hours on-site |
Your RedLegg facilitator will provide...
This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.
The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and the existing Client Incident Response Plan. Includes roles and participants required for the exercise.
Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within Participant areas or other departments with which they most frequently interact.
A Hot Wash takes place immediately after the tabletop exercise, allowing Participants to provide the initial feedback while details are still fresh in their minds. Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement. Data Collectors receive immediate feedback, as well as the opportunity for self-assessment and discussion surrounding the major issues and outcomes of the exercise. The Hot Wash also allows Data Collectors to ask for needed clarifications and any missing information.
Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.
Your RedLegg facilitator will provide...
This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.
The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and the existing Client Incident Response Plan. Includes roles and participants required for the exercise.
Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within Participant areas or other departments with which they most frequently interact.
A Hot Wash takes place immediately after the tabletop exercise, allowing Participants to provide the initial feedback while details are still fresh in their minds. Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement. Data Collectors receive immediate feedback, as well as the opportunity for self-assessment and discussion surrounding the major issues and outcomes of the exercise. The Hot Wash also allows Data Collectors to ask for needed clarifications and any missing information.
Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.
Before testing your incident response with technical and/or executive staff, RedLegg's expert facilitator will begin the process with a Kick-off Call. We will get to know you, your staff, your technologies, and your operations.
Our expert facilitator will then meet with you on-site to conduct the Tabletop Exercise. The facilitator has compiled research and notes to observe response in a particular area of concern, that may be vulnerable to attackers. During the four-hour session with your staff, our facilitator will present a simulation, custom-tailored scenario and prompts, in order to observe your team's communication and IR Plan in play.
We typically offer two exercise tracks: one for technical staff and one for technical staff with executive leadership. We see best results when a business first tests their technical staff, then tests technical and executive teams together.
Another general rule of thumb is to conduct a Tabletop Exercise more than once to ensure your team's response adapts to changing environments: technologies, staff, regulatory, and industry landscape.
After the exercise, our facilitator debriefs your team in a Hot Wash. Then, we follow-up once again later-on to review notes and offer further feedback to help bolster your security posture and response.
Reach out to our expert staff to learn how a facilitated tabletop can prepare your organization for an incident today.
SCHEDULE MY DEMO