Design a Tabletop Exercise to Support Your Security Operation
Trust but verify that you are prepared for the next threat.
View Storyboard
Contributors
Anthony Vitello, Senior Vice President Global Information Security, Citigroup
Your Challenge
- Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.
- Security incidents are inevitable, but how they are handled is critical.
- The increasing use of sophisticated malware is making it difficult for organizations to identify the true intent behind the attack campaign.
- The incident response is often handled in an ad hoc or ineffective manner.
Our Advice
Critical Insight
- Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.
- Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
- You might experience a negative return on your security control investment. As technology in the industry evolves, threat actors will adopt new tools, tactics, and procedures; a tabletop exercise will help ensure teams are leveraging your security investment properly and providing relevant situational awareness to stay on top of the rapidly evolving threat landscape.
Impact and Result
Establish and design a tabletop exercise capability to support and test the efficiency of the core prevention, detection, analysis, and response functions that consist of an organization's threat intelligence, security operations, vulnerability management, and incident response functions.
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should design a tabletop exercise, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
1. Plan
Evaluate the need for a tabletop exercise.
2. Design
Determine the topics, scope, objectives, and participant roles and responsibilities.
3. Develop
Create briefings, guides, reports, and exercise injects.
4. Conduct
Host the exercise in a conference or classroom setting.
5. Evaluate
Plan to ensure measurement and continued improvement.
Guided Implementations
This guided implementation is an eleven call advisory process.
Guided Implementation #1 - Plan
Call #1 - Perform a warm-up exercise.
Call #2 - Analyze your drivers, challenges, and value.
Call #3 - Prioritize needs and requirements.
Guided Implementation #2 - Design
Call #1 - Review threat landscape.
Call #2 - Identify threats and tabletop topics.
Call #3 - Assess core participants and responsibilities.
Call #4 - Coordinate logistics.
Guided Implementation #3 - Develop
Call #1 - Discuss the development of guides, forms, and reports.
Call #2 - Discuss the development of injects and video.
Guided Implementation #4 - Conduct
Call #1 - Facilitate delivery of the mock tabletop exercise.
Guided Implementation #5 - Evaluate
