In the blogs that I have written, not only for myself but for paying clients as well, I have developed a lot of content on testing, Incident Response, Disaster Recovery, Business Continuity, etc. The common denominator in all of this is that some kind of technological tool, combined with human intervention, is used.
But there is yet another way in which a business can beef up its line of defenses without having to use any kind of technology per se. These are known as "Tabletop Exercises", which can be defined as follows:
"A tabletop exercise is a discussion-based practice that uses a hypothetical situation to coach a technical or executive audience through the cybersecurity incident response life cycle."
(SOURCE: https://www.darkreading.com/operations/top-6-mistakes-in-incident-response-tabletop-exercises)
So as you can see from the above, these kinds of exercises are very much discussion based. The leader of the exercise portrays a hypothetical security breach, and the audience is asked to come up with a solution. While these can be effective to varying degrees, there are a number of key areas that a CISO and his or her IT Security team need to address in order to make Tabletop exercises even more effective.
Here are the tips:
1) Involve the entire audience:
It is very important to remember that a Tabletop exercise is not just another college lecture where you show PowerPoint slides and hand out notes. These are meant to be engaging, and in order to make them so, each member has to be involved and give their input. In fact, this is really very much like a Security Awareness Training program for your employees. In order to get great participation, you have to make it both fun and engaging. In other words, you want to make this more like a social event. If the audience is large enough, break them out into separate teams for even closer collaboration.
2) Get different groups of people involved:
A cardinal rule of thumb here is never to get the same crowd over and over again. It is very important that you get different participants every time, so that you will get varied feedback. That will be much more meaningful than getting the same answer every time, just phrased in different ways. For example, take a representative number of employees from each department that exists in your business. That should give you some varied answers. Also remember that Tabletop exercises are not restricted to employees; you should get other key stakeholders involved as well. Think of this like a focus group interview you are conducting to get market research on a potential new product or service you could launch.
3) Vary up the threat variants:
As mentioned earlier in this blog, the facilitator of the Tabletop exercise usually starts out with a hypothetical security breach. But it is also important to keep in mind that you need to mix up the threat scenarios. For example, in one training session talk about Ransomware, in the next Phishing, etc. But always make the threat relevant to the business. For example, if you choose to use a Phishing based scenario, then give the example of a Business Email Compromise (BEC) attack, and how the accounting team can fall into the trap of responding to a fake invoice. But also remember not to make the scenarios so depressing for the audience that they simply do not want to respond or give feedback. It takes a balance here. Further tips on how to do this can be seen at the link below:
Also remember that by varying your attack
scenarios,
My Thoughts On This:
One of the most beneficial outcomes of a Tabletop exercise is the feedback that is solicited from the audience. Remember to incorporate this feedback into all of your security plans, primarily your Incident Response (IR), Disaster Recovery (DR), and Business Continuity (BC) plans. But the best lesson learned is to practice those plans on a real time basis, at least once a quarter!!!