How to improve your IR tabletop exercises and why you really should?

2022-01-14 06:00

In this interview with Help Net Security, Curtis Fechner, engineering fellow at Optiv Security, explains the function of incident response tabletop exercises and how they can help reduce an organization's overall cyber risk by keeping it prepared for a real incident.

Traditionally these exercises would be conducted in a round table format, thus the name "Tabletop exercise." These exercises are generally less technical in nature, as there is no practical assessment of security controls, and the overall focus is on management of risk.

A big part of IR tabletop exercises is testing the organization's IR Plan and establishing familiarity with the standards defined therein.

The intent behind these exercises is to validate participants' knowledge of IR processes and helps to expose just how formal those processes might be within the organization.

An overly elaborate tabletop which consumes a whole day for the executive leadership team might be a once-per-year carefully planned affair conducted by an outside consultancy, but the in-house IR team defined in the plan should conduct exercises at least once per quarter to explore response processes for high-risk threat scenarios.

How do incident response tabletop exercises benefit an organization?

News URL

https://www.helpnetsecurity.com/2022/01/14/incident-response-tabletop-exercises/