TABLETOP EXERCISE

WHAT IS A TABLETOP EXERCISE?

Incident Response Tabletop Exercises are an important form of organizational training.

The purpose of the tabletop exercise is to validate the existing Information Security Incident Response Plan and identify its strengths and weaknesses.  Conducting these exercises promotes changes in attitudes and perceptions. Tabletop exercises enhance an organization’s overall cyber response posture by improving the collective decision-making process of participating teams and stakeholders.

The objectives of the incident response tabletop exercise include the following:

  • Understand roles and responsibilities during an incident.
  • Maximize utilization of the tools and resources that you have at your disposal to support the incident management processes.
  • Exercise the decision-making process invoked when incidents occur.
Tabletop-Exercise-Pillar-Banner

Pretty much everything you'd need to know about incident response tabletop exercises. 

LEARN MORE

BENEFITS

Benefits of a Tabletop Exercise performed by RedLegg include:

INSIGHT:

Gain insight into many of the current risks within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan a roadmap to better safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration by testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

SERVICE TRACKS

   Objective  Participants  Scenario  Planning  Engagement
 Technical To assess IR Plan with respect to technical staff roles and responsibilities.  Security Managers, Analysts, Technical Staff  Custom  Kick-off call  4 hours on-site
 Technical + Executive To assess IR Plan with respect to company-wide roles and responsibilities.
 Technical + C-suite, Counsel, PR  Custom  Kick-off call  4 hours on-site

 

WHAT YOU GET

  • EXPERT FACILITATOR
  • CUSTOM SCENARIO
  • OBSERVER NOTES
  • HOT WASH SESSION
  • LESSONS LEARNED SESSION

EXPERT FACILITATOR

Your RedLegg facilitator will provide...

  • Incident Response Tabletop Exercise Facilitation
  • Hot Wash Session Facilitation
  • Lessons Learned Session Facilitation

This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.

CUSTOM SCENARIO

The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and from the existing Client Incident Response Plan.  Includes roles and participants required for the exercise.

OBSERVER NOTES

Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within participant areas or departments with which they most frequently interact.

HOT WASH SESSION

A Hot Wash takes place immediately after the tabletop exercise, allowing participants to provide the initial feedback while details are still fresh in their minds.  Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement.  Data Collectors receive immediate feedback from the self-assessment and from the discussion surrounding the major issues and outcomes of the exercise.  The Hot Wash also allows Data Collectors to request any subsequent clarifications or to inquire about any missing information.

LESSONS LEARNED SESSION

Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.

  • EXPERT FACILITATOR
  • Your RedLegg facilitator will provide...

    • Incident Response Tabletop Exercise Facilitation
    • Hot Wash Session Facilitation
    • Lessons Learned Session Facilitation

    This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.

  • CUSTOM SCENARIO
  • The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and from the existing Client Incident Response Plan.  Includes roles and participants required for the exercise.

  • OBSERVER NOTES
  • Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within participant areas or departments with which they most frequently interact.

  • HOT WASH SESSION
  • A Hot Wash takes place immediately after the tabletop exercise, allowing participants to provide the initial feedback while details are still fresh in their minds.  Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement.  Data Collectors receive immediate feedback from the self-assessment and from the discussion surrounding the major issues and outcomes of the exercise.  The Hot Wash also allows Data Collectors to request any subsequent clarifications or to inquire about any missing information.

  • LESSONS LEARNED SESSION
  • Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.

Practice Your Incident Response Plan

And Better Prepare Your Organization

Access My Sample Scenarios
TTX-Sample-Scenarios

OUR APPROACH

Before testing your Incident Response Plan with technical and/or executive staff, RedLegg's expert facilitator will begin the process with a kick-off call. We will get to know you, your staff, your technologies, and your operations.

Our expert facilitator will then meet with you to conduct the Tabletop Exercise. The facilitator will then compile research and notes to guide your response team through the events of a customized attack scenario. During the four-hour session with your staff, our facilitator will present a simulated, custom-tailored scenario, with prompts, in order to observe your team’s communication and ability to execute the IR Plan during a major security incident.

We typically offer two exercise tracks: one for technical staff and one for technical staff with executive leadership. We see best results when a business first tests their technical staff, then tests technical and executive teams together.

Another general rule of thumb is to regularly conduct tabletop exercise at least annually to ensure your team's response adapts to changing environments, technologies, staff, regulatory, and industry landscapes.

After the exercise, our facilitator debriefs your team in a Hot Wash. Then, we follow-up once again to review notes and offer further feedback to help bolster your security posture and response.

REVIEW THE SERVICE INFORMATION
TO BEGIN PLANNING
YOUR TABLETOP EXERCISE

TTX-Sales-Sheet-3D-NEW

 

GET AHEAD OF YOUR INCIDENT.

Reach out to our expert staff to learn how a facilitated tabletop can prepare your organization for an incident today.

SCHEDULE MY DEMO