make a good business better

Blog Information Security

Print Divider Print Divider Branding

6 Steps to Being Ready for Cyber Security Attacks

07/06/2017  |  By: Jason Riddle


Social Logo Social Logo Social Logo Social Logo

With cyber security attacks on the rise, and the wide range of industries being targeted, companies of all sizes should be preparing for the worst. Just as we prepare for a natural disaster, companies should prepare for a security disaster, and in both instances, proper planning, preparation and practicing potential scenarios is key.

When it comes to cyber security, tabletop exercises are a powerful tool to help your organization perform better during real-world cyberattacks. A tabletop exercise can be defined as an activity in which key personnel gather to discuss a simulated crisis situation and their potential response. It is important to understand that a table exercise is not an active simulation, exercise or drill, it’s a preparedness exercise.

6-Step Tabletop Exercise 

Step 1: Identify Exercise Goals

The goal of a tabletop exercise is not to produce a comprehensive cyber incident response plan, instead, it should be a planning activity where you discuss and identify deficiencies, along with corresponding corrective actions, that leads to a comprehensive plan. The most common goals we see in practice today are:

  • To achieve compliance with a regulation, policy, or standard
  • To validate the effectiveness of cyber incident response plans
  • To evaluate the need for external cyber support resources
  • To enhance cyber awareness and readiness

Step 2: Select a Scenario

Before beginning, you’ll need to create a fictional scenario for your team to use as the basis of discussion. Scenarios can be taken from news headlines or created for your specific business needs. Above all, we recommend they be realistic, relevant, and engaging, as well as applicable to your business model.

Step 3: Identify Exercise Participants

To ensure a successful tabletop exercise, it’s important to designate key roles:

  • The Facilitator- this person leads and guides participants through the exercise. This person can “make or break” the exercise, so choose carefully. Ideally, he or she will have some experience with cyber incident response.
  • The Players- those who will go through the exercise, offering their thoughts and input on how the organization would respond to the scenario. The participants should be pulled from various departments across the organization.  
  • The Observers- those whose primary function will be to take detailed notes of the exercise.

Step 4: Schedule the Exercise

Depending on the size of the group, we suggest scheduling at least 90 minutes and no more than 4 hours for the session, and participants should be invited three weeks in advance. Other factors to consider:  

  • Do you have a comfortable location and proper room size?
  • Will you be serving food and beverages?
  • Do you have the equipment you will need such as dry erase boards, microphones, projectors, teleconference/web meeting technology, etc.?

Step 5: Conduct the Exercise

We recommend the Facilitator use a PowerPoint presentation to walk the Players through the exercise while following the recommended session flow:

  1. The Facilitator presents the scenario.
  2. The Facilitator walks the Players through the exercise, asking questions to facilitate a discussion, drilling down into certain areas of responses when applicable.
  3. After the discussion, the Facilitator will summarize and re-state the events that have occurred thus far.
  4. Once the discussion has been restated, or checkpoint one, the Facilitator should introduce a scenario injection or poke holes in the initial approach. This is designed to stimulate the unforeseen occurrences that invariably occur during a real-world incident response.
  5. It’s good to then have a second checkpoint where the findings from the meeting are restated before moving on to the debriefing to ensure all points have been made.

Step 6: Debrief & The Final Report

The initial debriefing should be done verbally with all participants before the exercise is concluded. This is the ideal opportunity to get feedback from the participants while the information is fresh on their minds. During the debriefing, ask three simple questions:

  1. “What worked well?”
  2. “What did not work well?”
  3. “Which areas require improvement?”

The result of the debrief will serve as the basis of the findings, observations, and recommendations for the written report. The final report should be distributed to the appropriate stakeholders, ensuring that someone is accountable for tracking the corrective actions that will help your organization be prepared.

The Outcome: An Incident Response Plan

The findings of your tabletop exercise should lead to an incident response plan, which is a documented procedure for how a cyber security incident will be handled. While the contents may vary from organization to organization, most consist of standard operating procedures, processes, and communication plans. LBMC Information Security works with organizations to elevate their incident response plans into proactive incident response programs.

LBMC Information Security is available to assist clients by designing and delivering custom incident response tabletop exercises, and incident response plans. Experience has demonstrated that this small investment in continuous improvement will pay dividends with faster response times, better communications, and lower costs when an incident does occur.

Our team is ready to help you get your team prepared. Contact us today!

6 Steps to Being Ready for Cyber Security Attacks