Here’s How to Run a Tabletop Exercise

February 25, 2019 | Categories: IR Plan

Make Sure You Don’t Forget These Crucial Steps in Your Plan

If your organization is interested in improving its cybersecurity strategy, one of the best first steps is an incident response tabletop exercise. Before you can improve your strategy, you have to understand where your weaknesses are and what you need to improve. An exercise like this sheds light on what’s not working within your current processes and gives you an actionable plan for fixing it.

How should you approach running a tabletop exercise? Let’s dig in.

You can run exercises for just about any cybersecurity risk, but an exercise isn’t going to be beneficial for your company if it covers a scenario that you would never experience. The first thing you should do is identify your specific risks. If there are certain threats that you know you’re at risk for or situations that you’ve already encountered, these are the scenarios you’ll want to target.

When you think about these risks, you can’t dismiss any scenario as something that “would never happen to you.” Instead, you need to be aware of the tools that you’re using, your network, and the threats that they pose to your organization in order to make sure that you’re running through the right scenarios.

The next thing you’ll want to do is ensure that when you go through the tabletop exercise, all the right people are in the room. With issues like these, it’s easy to assume that only IT and technology professionals need to be involved, but that’s actually not the case. While IT staff are going to be the people in the trenches working on resolving the issue, they’re not going to be the ones making the majority of the decisions.

Let’s say that a server needs to be shut off to resolve an issue or install a patch, but shutting this server off will impact the network for your entire company. This choice is going to come from senior leadership, so you’ll want to make sure they’re involved in the exercise.

For other situations, like potential legal issues, notifications to insurance carriers, or communicating with your customers and clients, your senior leadership will be the ones calling the shots. For your tabletop exercise to be successful, you’ll want to make sure they’re on the same page with your IT and technology teams when a crisis occurs.

Once you’re ready to actually run through the exercise, having a facilitator can help ensure that the process goes smoothly, and you come out of it with a solid action plan. This facilitator might be an existing cybersecurity leader in your organization, or if you don’t have anyone in this role, a partner who can lead you in your cybersecurity efforts.

If you’re not sure where to start, a cybersecurity expert can help show you the way. Partners like MRK can spot risks and threats better than anyone, and because they live and breathe cybersecurity, they’ll be able to provide you with the most efficient and effective action plans for your team.

In the event of a real crisis, they can even be available to provide support as you work through the recovery process. Interested in learning how you can jumpstart your cybersecurity processes? Get in touch with us today to learn more.

2019-04-02T10:32:54+00:00