Cybersecurity Tabletop Exercises

Cybersecurity tabletop exercises can:

• Provide a baseline of your current state of readiness
• Enhance your understanding of the cyber risks you face
• Practice decision making in a controlled environment
• Enhance your understanding of system or supplier dependencies
• Develop/review internal and external communication plans
• Clarify areas of responsibility
• Identify areas for improvement

Our approach

In our approach to simulations, we incorporate aspects of functional exercising along with technical exercising and/or major incident testing.

We use a tabletop exercise format to ensure the exercise is appropriately contained (and doesn’t impact your actual operations). We plan and deliver the exercise in a scheduled and structured manner.

Your TTX facilitator will work with you to identify your objectives and to ensure that we have an understanding of the functional and/or technical aspects we are testing.

We use our experience in cybersecurity incident response to develop a realistic scenario supported by appropriate details and visual aids (exercise injects).

What to expect

Working with your nominated planning staff, we design a cybersecurity incident scenario (or a series of scenarios) that your organisation is most likely to face. We then create an engaging experience where participants join at varying stages throughout the incident simulation to apply their subject matter expertise.

A detailed incident simulation testing functional and/or technical aspects typically consists of one or possibly two scenarios. We will identify a timeline and an initial set of expected actions related to the injects as part of the planning phase.

Our TTX facilitator will introduce each scenario and the related injects.  Depending on the group’s progress, we will add further complicating factors that participants will need to address. The intent is to create a realistic and pressured situation, but still allow some variation to ensure maximum benefits.

After the tabletop exercise we produce an after action report to capture observations and findings. Depending on your requirements, this report can also include detailed recommendations relating to any issues identified and, if required, a road-map to support implementation.

Tabletop Exercise - Engagement Overview

• Identify objectives and processes to be tested
• Develop initial scenarios
• Review and develop scenarios with stakeholders (planning team)
• Produce inject tracking master list

PREPARATION

• Finalise the visual material and props
• Run the exercise!
• Hotwash - immediate thoughts at conclusion

SIMULATION EXERCISE

• Produce summary of the hotwash or a full after action report
• Optional roadmap to help implement any recommendations

AFTER ACTION

Our experience

The Cosive team has collectively worked on the following related projects:

Cybersecurity Tabletop Exercises. Our facilitators have run many tabletop exercises for leading AU & NZ organisations and, in prior roles, were part of the planning teams for Cyberstorm III in New Zealand, Cyberstorm II in Australia and Cyberstorm I in Japan, as well as the 2011 Rugby World Cup.

Incident Response Process expertise. Cosive has helped multiple organisations create incident response processes on how best to respond to various types of computer security attacks. This expertise enables us to understand how various stakeholders within an organisation should work together to respond to a security incident, and to recognise when an organisation is responding ineffectively.

Threat Intelligence. In addition to our incident response activities, we also have a broader awareness of threat actors including insight into their locations, relationships, commercial terms, tradecraft and tooling. We have followed closely and collaborated with victims of major attacks and understand the actions that are taken and where efforts often succeed and fail, allowing us to craft very realistic scenarios.

Our customers

We provide cybersecurity tabletop exercises to clients in diverse industries, including:

• Banking and finance
• Critical Infrastructure (power and water)
• Australian Federal Government
• International incident response teams
• Resources sector
• Fortune 500 technology companies
• Technology startups

‍