With the start of another new year, there’s no better time to assess the current state of your incident response (IR) abilities and identify what you should work on to improve.
A convenient way to accomplish this is through tabletop exercises, as it presents a classroom-style discussion in which stakeholders gather to confront a simulated emergency and hone their critical response competencies.
Aside from the obvious – a vastly improved IR program – what makes these practice scenarios so beneficial to the overall security maturity of your organization? Here are five reasons to move your learning to the tabletop.
1) They deliver an excellent return on investment.
Relative to other tactics you could choose to assess security capabilities, a tabletop exercise typically has a lower cost and requires fewer resources while still delivering useful information quickly. If you engage with an outside expert like Trustwave, they’ll develop a customized scenario for you, which means your team can get results from just a few hours of participation.
2) Security processes and team members are tested in a safe environment.
Unless your organization is particularly vulnerable – or unlucky – you’re not responding to incidents all the time. A tabletop exercise lets everyone focus on how they’d respond to a specific cyber incident without the risk and stress of a real-world situation.
3) Team members from all levels and parts of your organization can join.
Security emergencies affect technical team members, business owners, executives and others throughout your organization. A well-written tabletop scenario helps everyone familiarize themselves with their role during an incident. Like an actual emergency, varying team members will participate at different times and have unique responsibilities, but everyone can have an opportunity to engage during the exercise.
4) They identify gaps and can help you improve your IR plan.
Once the tabletop exercise is underway, interactions among participants will uncover whether roles are understood, communication lines are clear, procedures are available and more. All this information will give you a realistic view of the effectiveness of your security processes and procedures, and highlight gaps to fill or areas to improve.
5) You will learn about issues before they happen for real.
Of all the reasons to conduct a tabletop exercise, this is arguably the most important. Tabletop exercises are great at identifying questions that need answers, responsibilities that need owners or processes that need developing. These might be as simple as identifying the team member who is responsible for notifying law enforcement of a breach – or perhaps something more involved, like defining criteria for quarantining versus rebuilding infected systems. Whatever issues are identified, it is better to identify and resolve them in a safe setting during or after an exercise than on the fly while responding to a legitimate security emergency.
If you lack the internal resources to stand up a tabletop exercise yourself, our experienced Trustwave SpiderLabs DFIR Consulting team members can help get you up and running. A member of our team starts by working with you to understand your organization’s environment, personnel and objectives. Learn more about Trustwave SpiderLabs DFIR Consulting services.
Diane Garey is a product marketing manager at Trustwave.