Cyber Resiliency: Building Strength Through Tabletop Exercises

Top News in Cyber Defence

Cyber Resiliency: Building Strength Through Tabletop Exercises

Part III: How to Develop and Deliver Successful TTX

By: Kevin Sandschafer, COO & VP Cyber Risk and Assurance

Tabletop Exercises are regular, repeated activities that any business can and should incorporate into its operational resiliency plans and processes. In the first blog in this series, we considered how effective and efficient incident response is supported by leveraging TTX on a regular basis. In Part II we assembled the building blocks of TTX that should be in place within your organization to optimize the benefits of the exercise. These building blocks are Assign an Executive Champion, Define Objectives, Acquire Funding & Assign Resources, and Develop A Roadmap.

 

Today, we’ll continue to examine how to develop and deliver a TTX that works for your organization. There are five steps in the execution process, beginning with Identify and Design:

Identify: Business risk, Industry threats, Vulnerabilities, Stakeholders

 

Design: Relevant scenarios, event logistics, Rules of engagement, Risk controls

 

Let’s discuss the next three.

Conduct

Having prepared in advance for executing your tabletop exercise – roles are defined, logistics are managed, and your people are primed for the activity – you’re now ready to conduct the TTX. With White Tuque as your TTX partner, we will design a Facilitator Guide to aid in conducting the exercise. This Guide is based on the risks your business faces, the threat landscape for your industry, and your specific objectives for organizational resilience and growth.

Our TTX specialist will take your people through the steps of responding to a cyber incident, capturing observations throughout the activity. Following the conclusion of the exercise, a group debrief will optimize your ability to respond to the results and conclusions of the TTX. Ensuring that participants are able to reflect and give feedback on the experience strengthens the relevancy of the activity for your team, and will inform how you design, develop, and deliver your TTX in the future.

 Evaluate

Evaluation can be an intimidating step, but it doesn’t need to be. Conducting your TTX is not the pinnacle of the activity, but rather simply the middle of the sandwich. Once concluded, it is important to review the observations from the TTX and feedback discussed in the debrief and capture the strengths and weaknesses of your people, process, and technology based on the findings from the day. White Tuque takes a thorough review of the data points and qualitative information and will work with you to finalize an After-Action Report (AAR) containing recommendations that you can implement with your team.

 Enhance

Enhance the resiliency of your business by acting on your AAR. Assign ownership to any highlighted issues and set realistic timelines to address the areas of concern, with status updates built into your plan of attack. White Tuque knows that your primary focus is the business you operate, and that cybersecurity can’t always be in the spotlight. We will work with you to outline targets for completion that make sense and include approximate budgets for both human and financial resources for any solutions you choose to adopt. With an overall goal of continuous improvement in mind, augmenting the noted strengths and working towards fortifying areas of concern, your business can function and flourish in the face of cyber threats.

The Wrap-Up

Tabletop Exercises are collaborative, interactive, engaging ways to improve the resiliency of your business. They are a dynamic activity that addresses the many moving parts of your business, including your people, process, and technology. The benefits to your business include opportunities for education, training, and risk awareness through accountability and evaluation. They help you protect your critical infrastructure and prevent operational outages, mitigating financial loss, reputational damage, and disruption to doing business.

Every organization can benefit from adopting TTX into its operational resiliency plans. If you’re ready to empower your people to take action during a time of crisis, reach out to White Tuque today! You can get in touch with me at [email protected].

Connect with us on LinkedIn!

Would you like more information on this topic?

White Tuque Newsletter | September 2024

CyberSafe Chronicles​ Tuque’s Take on the News Construction firms breached in brute force attacks on accounting software Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction

White Tuque Newsletter | May 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News LastPass: Hackers targeted employee in failed deepfake CEO call LastPass revealed recently that threat actors targeted one of its employees in a voice phishing attack, using

Revealing the Power of Cyber Asset Management

In the fast-paced digital era where organizations heavily rely on technology, managing cyber assets has become a critical aspect of ensuring a secure and resilient digital landscape. Cyber Asset Management (CAM) plays a pivotal role

Work With Us.

  •  

Robert D. Stewart

Founder & Head, Strategic Threat Intelligence

Robert is a technology incident and crisis management specialist with over 3200 hours leading critical recoveries and investigations within regulated industries.

Robert has built cyber incident and global crisis processes for the Fusion Centres of two major North American banks. With an extensive focus on operational resiliency, Robert worked as a Global Crisis Management Specialist, leading the technical migration for the pandemic for a multi-national financial institution.

Robert is a threat intelligence specialist focused on preventing large scale incidents and attacks before they happen, with unparalleled experience in incident response: 650 critical incidents within the global financial sector leading to the recovery of over 250 unique global financial systems, with 6000 executive communications and briefings issued, and over 200 post-incident reviews.