Cyber Resiliency: Building Strength Through Tabletop Exercises


Part II: How to Develop & Deliver Successful TTX

By Kevin Sandschafer, COO & VP Cyber Risk and Assurance

 

In the first blog in this series, we looked at the ways Tabletop Exercises (TTX) can help your business be prepared for and remain resilient against cyberattacks. We also talked about incident response (IR) plans that define roles and responsibilities, set thresholds, and establish communication protocols. IR plans and TTX go hand-in-hand because your exercise is meant to test and improve your organization’s incident response. Today I’d like to take a deeper look at how a TTX is developed, designed, and delivered with your business’s objectives and operational needs in mind.

5 Building Blocks of Tabletop Exercises

Assign An Executive Champion

It’s important to find an ally in leadership. When a CISO, CIO or other executive or director in your organization sees the value of preparing all stakeholders, it’s much easier to obtain buy-in from the stakeholders – the people who will be taking part in your TTX – and establish the groundwork for success from the outset. An Executive Champion who is actively involved with initiating the exercise and can explain the reasoning for the program will be an asset when asking your team to take part.

Define Your Objectives

What are the goals of your TTX? Clear and direct goals are good; ones that can be measured or tracked are even better. Your goal can be to develop a program that will strengthen your organization’s resilience to cyberattacks. Bring your Executive Champion in to assist in developing and establishing the objectives for the TTX program so it aligns with your company’s overall objectives.

Acquire Funding & Assign Resources

You will need to budget not only funds, but time and human resources, too. Engaging an experienced third party like White Tuque can greatly increase the effectiveness and impact of your exercise(s). We can help with engaging stakeholders, planning logistics, and designing relevant attack scenarios to efficiently deliver training and awareness.

Document the Process

There is a lifecycle to a successful TTX. I recommend documenting each phase of your TTX – from planning, to execution, through debrief and post-exercise actions. White Tuque’s experts will help you build documentation and processes that develop repeatable exercises, with refined and consistent results.

Develop A Roadmap

Based on your organization’s risk appetite, think through your maturity level with respect to operational resiliency. What is the frequency with which you plan to leverage TTX – annually? Quarterly drills that can be more focused? If it makes sense for your organization, you can strategize to conduct exercises on specific topics. With a roadmap in place, you have a plan to help your team understand both the impetus of the TTX and how they align with the organization’s future goals.

Ready, Set, Exercise!

You’ve recognized that remaining resilient in the face of cyber threats is important, and possible. You’ve reviewed your organization’s IR plan and potentially determined some strengths and opportunities for improvement. You’ve found an Executive Champion who has supported you in getting the buy-in from leadership and other stakeholders in the company, and they agree that conducting TTX is a strong piece to add to your cybersecurity and resiliency program. Congratulations – you’re ready to conduct your TTX!

There are five steps in the execution process. They are:

  • Identify
  • Design
  • Conduct
  • Evaluate
  • Enhance

 

Let’s take a closer look at what the first two steps are all about.

Identify

Before an activity can be designed, each organization must consider specific topics and what they mean in the context of that particular business. For TTX to be successful, they must be as realistic and relevant as possible. White Tuque will help you determine the business’s appetite for risk, identify industry threats, highlight vulnerabilities, and recommend stakeholders who should take part. Making these determinations ahead of time ensures that your TTX is an efficient and effective tool.

Design

TTX can be repeatable, but they are also highly customizable. You can design your exercise(s) to address particular areas that matter most to your operations. In the design phase, White Tuque’s experts will learn about your business by conducting a brief impact analysis. We ensure there are rules of engagement and risk controls in place prior to conducting the TTX, so your people can participate without disruption to your operations. Our attack scenarios align to your core service offerings and are informed by your highest risks.

Taking these preparatory steps enables you to conduct your TTX. In the third and final piece on this topic, I will discuss what it means to execute your TTX, from conducting the exercise, through debriefing and evaluation, to enhancing the activity for next time.

In Part Three, we’ll get into the nuts and bolts of conducting, evaluating, and enhancing your TTX. Getting on the right path to developing and delivering successful Tabletop Exercises is easy! White Tuque’s experts are here to help you plan and execute your activity. Just give us a shout! Reach out to [email protected] today.
