Incident Response Tabletop Exercises are an important form of organizational training.
The purpose of the tabletop exercise is to validate the existing Information Security Incident Response Plan and identify its strengths and weaknesses. Conducting these exercises promotes changes in attitudes and perceptions. Tabletop exercises enhance an organization’s overall cyber response posture by improving the collective decision-making process of participating teams and stakeholders.
The objectives of the incident response tabletop exercise include the following:
Benefits of a Tabletop Exercise performed by RedLegg include:
Gain insight into many of the current risks within your enterprise by identifying shortcomings in your existing security program.
Prioritize the biggest threats to the organization and strategically plan a roadmap to better safeguard your organization.
Reduce the impact and likelihood of a successful breach and data exfiltration by testing and securing of your organization.
Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.
Objective | Participants | Scenario | Planning | Engagement | |
Technical | To assess IR Plan with respect to technical staff roles and responsibilities. | Security Managers, Analysts, Technical Staff | Custom | Kick-off call | 4 hours on-site |
Technical + Executive | To assess IR Plan with respect to company-wide roles and responsibilities. |
Technical + C-suite, Counsel, PR | Custom | Kick-off call | 4 hours on-site |
Your RedLegg facilitator will provide...
This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.
The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and from the existing Client Incident Response Plan. Includes roles and participants required for the exercise.
Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within participant areas or departments with which they most frequently interact.
A Hot Wash takes place immediately after the tabletop exercise, allowing participants to provide the initial feedback while details are still fresh in their minds. Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement. Data Collectors receive immediate feedback from the self-assessment and from the discussion surrounding the major issues and outcomes of the exercise. The Hot Wash also allows Data Collectors to request any subsequent clarifications or to inquire about any missing information.
Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.
Your RedLegg facilitator will provide...
This includes the exercise agenda, schedule, handouts, feedback forms, and exercise summary document.
The scenario is created by RedLegg Advisory Services, based on the information gathered during the Kickoff call and from the existing Client Incident Response Plan. Includes roles and participants required for the exercise.
Notes are created by the RedLegg Observer, paying particular attention to how the proceedings highlight communication gaps within participant areas or departments with which they most frequently interact.
A Hot Wash takes place immediately after the tabletop exercise, allowing participants to provide the initial feedback while details are still fresh in their minds. Participants also perform a self-assessment and discuss the positive outcomes and areas for improvement. Data Collectors receive immediate feedback from the self-assessment and from the discussion surrounding the major issues and outcomes of the exercise. The Hot Wash also allows Data Collectors to request any subsequent clarifications or to inquire about any missing information.
Feedback received during the Hot Wash and through the Participant Feedback Forms will be reviewed by the RedLegg Facilitator and discussed during the follow-up Lessons Learned session with all tabletop exercise participants and designated department/corporate management.
Before testing your Incident Response Plan with technical and/or executive staff, RedLegg's expert facilitator will begin the process with a kick-off call. We will get to know you, your staff, your technologies, and your operations.
Our expert facilitator will then meet with you to conduct the Tabletop Exercise. The facilitator will then compile research and notes to guide your response team through the events of a customized attack scenario. During the four-hour session with your staff, our facilitator will present a simulated, custom-tailored scenario, with prompts, in order to observe your team’s communication and ability to execute the IR Plan during a major security incident.
We typically offer two exercise tracks: one for technical staff and one for technical staff with executive leadership. We see best results when a business first tests their technical staff, then tests technical and executive teams together.
Another general rule of thumb is to regularly conduct tabletop exercise at least annually to ensure your team's response adapts to changing environments, technologies, staff, regulatory, and industry landscapes.
After the exercise, our facilitator debriefs your team in a Hot Wash. Then, we follow-up once again to review notes and offer further feedback to help bolster your security posture and response.
Reach out to our expert staff to learn how a facilitated tabletop can prepare your organization for an incident today.
SCHEDULE MY DEMO