Cyber Security Incident Response Exercises

You can’t defend against all security risks unfortunately. Incidents and breaches will occur and organisations need to be cyber resilient by being able to respond to and recover from incidents as quickly as possible. This necessitates planning and ensuring that your security incident response team has rehearsed the types of scenarios it might face, through incident response exercises.

We can provide cyber incident table top exercises, tailored to your organisation and suitable for executives, IT specialists or your incident response team. Our table top exercises reflect real world cyber security incident scenarios that your organisation has or might have to respond to in the normal course of your operations.

Our table top cyber incident exercises are designed to demonstrate and exercise your incident response plans, breach notification processes, escalation procedures and communications plans. We include your input in to the scenarios to enable us to customise them for you by reference to matters such as:

  • Identification of threats which are unique to you or the nature of your business
  • Creating scenario ‘injects’ – these are scenario escalations which are relevant to your operational environment
  • Your incident response plans and associated policies and procedures
  • Identification of your stakeholders and management escalation paths
  • Identification of your security operations capabilities, personnel and suppliers
  • Information about your IT environment and security controls.

During the table top exercises, our facilitators will take notes and identify strengths and areas for improvement in your incident response capabilities. After the exercise, we will write these up in to a short report consisting of our findings and recommendations.

Our Methodology

Our table top cyber incident exercises use the scenarios and injects agreed with your organisation during the planning stage. The exercise itself typically takes place on a single day and usually lasts for between 4 and 6 hours in total, depending on the number of participants, the number of scenarios and the format agreed.

The service can be delivered as one exercise or broken in to periods of shorter exercises with breaks in between. For example, hourly exercises with different scenarios, two-hour exercises with different scenarios or a single session based on one scenario but with numerous injects to escalate the scenario over time. These options will be discussed and agreed during the preparation stage.

Each scenario will consist of three parts and be followed by a report, as follows:

Introduction

This will set the scene based on the agreed scenario and will provide your organisation with an opportunity to review matters including your cyber incident detection and response capabilities and processes for sharing information and your relationships with key stakeholders (internal and external).

Escalation

Using scenario ‘injects’, we test your processes for responses to specific issues that may arise during an incident and pose questions about incident governance.

Wrap-Up

During a wrap-up discussion, our facilitators will guide participants to identify your overall ability to identify, protect and respond to cyber incidents and to consider areas for improvement.

Post Exercise Report

During the table top exercises, our facilitators will take notes and identify strengths and areas for improvement in your incident response capabilities. After the onsite day, we will write these up in to a short report consisting of our findings and recommendations.

icon

Need a Cyber Incident Table Top?

Please get in touch. You can call us or request a call back using our contact form. We’d love to talk with you and promise no hard sell.

Get In Touch

Our other Information & Cyber Security Services