Anything that’s difficult takes time to master, or at least to become competent at, and it requires constant training and being pushed into situations that will sharpen your reflexes. This is the predominant reason we perform cybersecurity tabletops: to improve our reaction time to security incidents and breaches. During these situations there’s much more than the technical aspect to consider, and if the entire organization isn’t moving in tandem, mistakes will be made. Organizations as a whole need to live this experience, even if it’s just a tabletop, in order to understand the ramifications of where they might have blinders on from a maturity standpoint. This consistent role playing, aimed at forcing participants at all levels out of their comfort zone, is used to create that tempered muscle memory for reacting to incidents without question.
Much of the focus on breaches or incidents is on the technical aspect, and rightfully so. These incidents always affect some type of technical control in some manner. Understanding how to discover and remediate these incidents is the role of the analysts and engineering team. Using tabletop exercises to stress the incident response or technical teams into a mindset of how they’ll react to a breach or incident scenario is how teams are consistently hardened. For teams that already have an experienced security operations center (SOC), or a mature cybersecurity program, the tabletop exercise can be extended with additional areas that include more of a war games aspect. This is performed as more of a red team objective that allows the technical teams to validate that they’re discovering, escalating, and remediating planned incidents and attacks from a technical and policy perspective.
Leadership involvement across the enterprise is essential to a successful tabletop exercise. To garner the most value out of these assessments, having leadership from marketing, technology, finance, sales, human resources, legal, etc., involved is imperative. A security breach will affect all facets of a business: how to perform forensics on systems, how the sales team will need to speak with prospects, when legal will bring in external counsel, what message marketing will be portraying, and how the public reputation will be protected. This is by far the most eye-opening aspect of performing incident response tabletop sessions. This portion of the assessment drives home the message that everyone is responsible for cybersecurity, not just the analysts or risk managers.
The objective of these sessions is to conduct a “lessons learned” review and improve the cybersecurity posture of the organization across all departments. The goal of the moderators, which would be CCSI in this case, is to develop a tabletop with the organization that will help assess and validate security posture across the company. Recommendations are created and presented to the organization to help guide the business so that each department is moving together with a common goal. If you have further questions regarding our tabletop sessions or how CCSI can moderate and create a unique session for your organization, feel free to contact us today.
Register for the Webinar
Who you gonna call.. when there is a security breach?
November 18, 2019 | 1:00-2:00 PM
The best way to prepare your organization for a security breach or disaster is to run through exercises that force you into this mindset. At CCSI, we put our clients through these scenarios with custom-made tabletop exercises to prepare them for similar events. It’s helpful for organizations as a whole to live this experience, even if it’s just a tabletop, in order to understand the ramifications of where they might have blinders on from a maturity standpoint.
Author Bio: Matthew Pascucci is a Security Architect, Privacy Advocate and Security Blogger. He holds multiple information security certificates and has had the opportunity to write and speak about cyber security for the past decade. He’s the founder of www.frontlinesentinel.com and can be contacted via his blog, on Twitter @matthewpascucci, or via email firstname.lastname@example.org