TABLETOP EXERCISE

WHAT IS A TABLETOP EXERCISE?

Incident Response Tabletop Exercises are an important form of organizational training.

The purpose of the tabletop exercise is to validate the existing Information Security Incident Response Plan and identify its strengths and weaknesses.  Conducting these exercises promotes changes in attitudes and perceptions, and enhances the overall cyber response posture and collective decision-making process of participating teams and stakeholders.

The objectives of the incident response tabletop exercise include the following:

  • Understand roles and responsibilities during an incident.
  • Maximize utilization of the tools and resources that the Client has at its disposal to support the incident management processes.
  • Exercise the decision-making process invoked when incidents occur.
Tabletop-Exercise-Pillar-Banner

Pretty much everything you'd need to know about incident response tabletop exercises. 

LEARN MORE

BENEFITS

Benefits of a Tabletop Exercise performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

August 15 | Downtown Chicago

Tabletop Exercise Workshop

Tabletop Exercise Workshops with RedLegg is a free regional event series for cybersecurity professionals looking to build and expand their security strategies in order to grow and better protect their businesses.

SERVICE TRACKS

   Objective  Participants  Scenario  Planning  Engagement
 Technical To assess IR Plan in regards to technical staff roles and responsibilities.  Security Managers, Analysts, Technical Staff  Custom  Kick-off call  4 hours on-site
 Technical + Executive To assess IR Plan in regards to company-wide roles and responsibilities.  Technical + C-suite, Counsel, PR  Custom  Kick-off call  4 hours on-site

 

WHAT YOU GET

  • EXPERT FACILITATOR
  • CUSTOM SCENARIO
  • OBSERVER NOTES
  • HOT WASH SESSION
  • LESSONS LEARNED SESSION

EXPERT FACILITATOR

Your RedLegg facilitator will provide...

  • Incident Response Tabletop Exercise Facilitation
  • Hot Wash Session Facilitation
  • Lessons Learned Session Facilitation

This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.

CUSTOM SCENARIO

The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and the existing Client Incident Response Plan.  Includes roles and participants required for the exercise.

OBSERVER NOTES

Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within Participant areas or other departments with which they most frequently interact.

HOT WASH SESSION

A Hot Wash takes place immediately after the tabletop exercise, allowing Participants to provide the initial feedback while details are still fresh in their minds.  Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement.  Data Collectors receive immediate feedback, as well as the opportunity for self-assessment and discussion surrounding the major issues and outcomes of the exercise.  The Hot Wash also allows Data Collectors to ask for needed clarifications and any missing information.

LESSONS LEARNED SESSION

Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.

  • EXPERT FACILITATOR
  • Your RedLegg facilitator will provide...

    • Incident Response Tabletop Exercise Facilitation
    • Hot Wash Session Facilitation
    • Lessons Learned Session Facilitation

    This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.

  • CUSTOM SCENARIO
  • The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and the existing Client Incident Response Plan.  Includes roles and participants required for the exercise.

  • OBSERVER NOTES
  • Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within Participant areas or other departments with which they most frequently interact.

  • HOT WASH SESSION
  • A Hot Wash takes place immediately after the tabletop exercise, allowing Participants to provide the initial feedback while details are still fresh in their minds.  Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement.  Data Collectors receive immediate feedback, as well as the opportunity for self-assessment and discussion surrounding the major issues and outcomes of the exercise.  The Hot Wash also allows Data Collectors to ask for needed clarifications and any missing information.

  • LESSONS LEARNED SESSION
  • Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.

OUR APPROACH

Before testing your incident response with technical and/or executive staff, RedLegg's expert facilitator will begin the process with a Kick-off Call. We will get to know you, your staff, your technologies, and your operations.

Our expert facilitator will then meet with you on-site to conduct the Tabletop Exercise. The facilitator has compiled research and notes to observe response in a particular area of concern, that may be vulnerable to attackers. During the four-hour session with your staff, our facilitator will present a simulation, custom-tailored scenario and prompts, in order to observe your team's communication and IR Plan in play.

We typically offer two exercise tracks: one for technical staff and one for technical staff with executive leadership. We see best results when a business first tests their technical staff, then tests technical and executive teams together.

Another general rule of thumb is to conduct a Tabletop Exercise more than once to ensure your team's response adapts to changing environments: technologies, staff, regulatory, and industry landscape.

After the exercise, our facilitator debriefs your team in a Hot Wash. Then, we follow-up once again later-on to review notes and offer further feedback to help bolster your security posture and response.

GET AHEAD OF YOUR INCIDENT.

Reach out to our expert staff to learn how a facilitated tabletop can prepare your organization for an incident today.

SCHEDULE MY DEMO