Cybersecurity tabletop exercises can:
In our approach to simulations, we incorporate aspects of functional exercising along with technical exercising and/or major incident testing.
We use a tabletop exercise format to ensure the exercise is appropriately contained (and doesn’t impact your actual operations). We plan and deliver the exercise in a scheduled and structured manner.
Your TTX facilitator will work with you to identify your objectives and to ensure that we have an understanding of the functional and/or technical aspects we are testing.
We use our experience in cybersecurity incident response to develop a realistic scenario supported by appropriate details and visual aids (exercise injects).
Working with your nominated planning staff, we design a cybersecurity incident scenario (or a series of scenarios) that your organisation is most likely to face. We then create an engaging experience where participants join at varying stages throughout the incident simulation to apply their subject matter expertise.
A detailed incident simulation testing functional and/or technical aspects typically consists of one or possibly two scenarios. We will identify a timeline and an initial set of expected actions related to the injects as part of the planning phase.
Our TTX facilitator will introduce each scenario and the related injects. Depending on the group’s progress, we will add further complicating factors that participants will need to address. The intent is to create a realistic and pressured situation, but still allow some variation to ensure maximum benefits.
After the tabletop exercise we produce an after action report to capture observations and findings. Depending on your requirements, this report can also include detailed recommendations relating to any issues identified and, if required, a road-map to support implementation.
The Cosive team has collectively worked on the following related projects:
Cybersecurity Tabletop Exercises. Our facilitators have run many tabletop exercises for leading AU & NZ organisations and, in prior roles, were part of the planning teams for Cyberstorm III in New Zealand, Cyberstorm II in Australia and Cyberstorm I in Japan, as well as the 2011 Rugby World Cup.
Incident Response Process expertise. Cosive has helped multiple organisations create incident response processes on how best to respond to various types of computer security attacks. This expertise enables us to understand how various stakeholders within an organisation should work together to respond to a security incident, and to recognise when an organisation is responding ineffectively.
Threat Intelligence. In addition to our incident response activities, we also have a broader awareness of threat actors including insight into their locations, relationships, commercial terms, tradecraft and tooling. We have followed closely and collaborated with victims of major attacks and understand the actions that are taken and where efforts often succeed and fail, allowing us to craft very realistic scenarios.
We provide cybersecurity tabletop exercises to clients in diverse industries, including: