How to prepare for a successful Cyber Tabletop Exercise
Date: 15 June 2020
You can never be too prepared when it comes to cybersecurity and data privacy. For the health of your business, it is essential to continuously test your cyber incident response plans with effective cyber table top exercises.
In this blog, we tell you what preparation and preliminary homework you should do to ensure you get the most value of your cybersecurity tabletop exercise.
Are you serious about elevating your resilience against cyber attacks with regular tabletop testing? Don't forget to check out our Masterclass on How to Plan and Conduct an effective Cyber Tabletop Exercise.
Apart from reading this blog, we recommend you go through the other literature created by Cyber Management Alliance on the subject of Tabletop Exercises for Cybersecurity. It will stand you in good stead as you prepare to conduct this workshop in your own enterprise.
Here are some extremely useful and easy-to-customise resources created by our experts who have facilitated over 300 cyber table top exercises all over the world:
- Top Cybersecurity Tabletop Exercise Scenarios
- Data Breach Tabletop Exercise Template
- Cybersecurity Tabletop Exercise PPT
We are specialists in cyber incident response and crisis management and are creators of the leading Cyber Incident Planning & Response training assured by the UK-Government's NCSC. The advice in our blogs is from the years of experience in training, conducting crisis management workshops, providing consultancy and mastery in cyber incident management.
Here’s some more detailed reading into how to get the best bang for your buck when you invest in conducting a cyber table-top exercise for your business:
- 6 reasons why your cyber table-top exercise may fail.
- 5 requirements of an effective cyber table-top workshop.
- Why you shouldn’t run your own cyber table-top exercise
- Why it may be more effective to run your cyber table-top exercise remotely.
Top Four Priorities for an Effective Cyber Tabletop Exercise
- Participation – As the organiser, you should first identify who the key stakeholders in your organisation are for decision-making and response during a cyber crisis. It is imperative that you select the right audience to participate in the cyber table-top exercise. The selection should include executives across functions and silos. You should also prepare them in advance about what to expect during the exercise and how they must respond and react for the table-top exercise to be a success.
- Scenarios – You must start out by defining the cybersecurity tabletop exercise scenario that is most likely to materially impact your business. Run-of-the-mill scenarios will yield underwhelming results. Keep your focus on things that truly matter to the business and communicate the same to your facilitator.
- Facilitator – Speaking of facilitator, making sure you choose the right person to conduct the cyber table-top exercise makes all the difference. We recommend getting an external practitioner with years of experience on board. It has to be someone whose opinion and feedback will be valued by all and not be perceived as shrouded in bias or departmental agendas.
- Documentation – Make sure you appoint someone to document (or record) the entire exercise for later reference. It is easy to forget the vital points that emerge out of this adrenaline-filled workshop once it’s over. Be prepared with the right person and the right tools for recording all of it in advance.
At Cyber Management Alliance, we are highly experienced in facilitating cyber table-top exercises that deliver real results in times of a crisis. Apart from our globally-respected trainer and facilitator, we also have an edge in the market as we help our clients in planning for, creating scenarios, producing the scripts and artefacts and running the actual workshop.