IR Tabletop Exercises
As the prevalence of cyberattacks continues to rise, many organizations struggle to keep up with the ever-changing threat landscape and evolve their security practices accordingly. How can you be sure you’re ready to effectively respond to a significant cyber event?
What is an IR Tabletop Exercise?
This cybersecurity tabletop exercise is a focused workshop which simulates the cyber threats being faced by an organization to demonstrate what a response would look like in the real world. Specifically, the exercise will test a program’s ability to detect, assess, contain, and eradicate a threat based on its existing incident response practices. Our experts prepare the tabletop exercise scenarios ahead of time based on their assessment of current program state, agreed workshop goals, and the IR playbook(s) to be tested.
Common Tabletop Exercise Scenarios
Incident response processes are tested against the threat scenarios most likely to confront or impair your organization. Actual scenarios will vary by engagement, but may include common threat profiles, such as:
- General end user system compromised through web-delivered malware
- General end user system compromised through mail-delivered malware
- Spearphishing and whaling by advanced adversaries
- End user system compromise through malicious device (hardware-based keylogger, malicious USB, network implant, Dropbox)
- Systems targeted through remote vulnerability exploitation
- Applications targeted through remote vulnerability exploitation
- Network-based data exfiltration
- Service disruption to critical systems based on contextual threat-models
- Compromise of crown-jewel data repositories based on contextual threat-models
- Systemic infrastructure breach based on contextual threat-models
Tabletop Exercise Results
GMI’s tabletop exercises are aimed at revealing an organization’s IR capability completeness and staff familiarity with associated technologies and processes. The goal? Provide the insights needed to mature your IR practices before you are forced to rely upon them.
At the conclusion of each tabletop, GMI’s experts prepare a report detailing risks uncovered during the simulation and recommendations to help improve various prevention and response capabilities. This report enables clients to take actionable steps toward improving their security.
- Safely and proactively identify IR deficiencies
- Refine operational plans based on tabletop insights
- Improve staff visibility and understanding of IR readiness
- Understand the potential impact of likely threats
- Achieve confidence in your IR capabilities