What Actually Happens in a Cyber Tabletop Exercise

Date: 15 September 2020

You’re aware that without a cyber incident response plan you’re exposing your business to incomparable risk. You also know that these response plans are reliable only if you test their validity and effectiveness on a regular basis with cyber crisis tabletop exercises (CCTE). But do you know what really happens during these cyber crisis workshops that makes them so critical to your business continuity?   

In this blog, we cover the following key aspects of an effective CCTE: 

The imperative phases of a cyber tabletop exercise 

1. Identifying the right stakeholders

This may sound like the rudimentary first step for any exercise, but it takes on a whole new dimension when it comes to cyber tabletop exercises. When asked to identify who will participate in such a workshop, management is making a larger decision about who the key stakeholders are in the cybersecurity decision-making process for their business. The stakeholders can often be department and hierarchy agnostic. For instance, the participation of a junior-level IT manager may often be more important than that of a senior business executive. Hence, the process of identifying participants of a cyber tabletop exercise is a more strategic and long-term decision, critical to the health of the business, than it may otherwise appear.

2. The scenario 

For a cyber tabletop exercise to be successful, it is essential that the facilitator of the exercise is an expert CISO and trainer so that she/he comes up with a scenario that is relevant and capable of generating actual fear and anxiety in the minds of the participants. The scenario cannot be flimsy or run-of-the-mill. It must be specific to the business, its model and its operational framework, and be based on risks and threats that are real for the organisation in question.

3. The actual exercise 

During the exercise, the facilitator will create an atmosphere of pressure and pandemonium so that participants are subject to a simulation of exactly the kind of environment they can expect during a real attack. The scenario in question will unfold in rapid stages so that the stakeholders are forced to think on their feet, collaborate with the right people and respond with alacrity, the way they would if their company were under an actual threat. The actual exercise has to be as close to reality as possible for the cyber tabletop exercise to go from being mere lip service to being a truly fruitful initiative. If this is achieved on a regular basis, the management can hope that the participants have had adequate mental training and exposure to emulate at least half of their behaviours from the workshop in a real-life crisis.

4. Evaluation and Report 

Any good cyber tabletop exercise provider will offer a formal evaluation and report at the end of the workshop. Frankly, without this report, the exercise can largely be deemed futile. The report is a critical look at the cybersecurity infrastructure, incident response plans and processes, inter-departmental coordination and the calibre of the staff to respond adequately to an attack so that the damage it causes is kept to a minimum. In the absence of the evaluation, it will not be possible for the management to see the loopholes in their strategy and their preparedness. At the end of a cyber tabletop exercise, the business should ideally receive a breach readiness score that it can work with to ramp up its defences.

At CM-Alliance, we have the expertise, the experience and requisite skills to support you in hosting a productive and effective cyber crisis tabletop exercise. We work with you on planning, creating scenarios, producing the scripts and artefacts and running the actual workshop. We can run a complete cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google's Meet (previously known as Hangout).

If you’d like more information on our Cyber Crisis Tabletop Exercises click here or call us on +44 (0) 203 189 1422 or email us here. 
