Tabletop Exercises
Challenge
Cybersecurity breaches can cost an organization millions of dollars and the loss of trust of its customers and clients. Preparing for a cybersecurity breach helps an organization better manage its incident response team and develop confidence in its cybersecurity posture. That confidence is essential to being able to put the best foot forward when dealing with regulators and shareholders who are concerned about a cybersecurity incident.
Organizations and their executive leadership are increasingly concerned about cybersecurity due to the size, volume, and severity of recent security breaches. But despite ongoing investments in people, processes, and technology, organizations are still falling victim to security breach incidents. The consequences of such incidents have been devastating billions have been lost in shareholder value, C-suite executives have been held responsible, reputational value has diminished, and civil and criminal penalties have been imposed.
Solution
EBG’s tabletop exercises allow clients to work through real-life scenarios to determine preparedness for such incidents as website defacement, web server breaches, ransomware, lost laptops, insider threats, and more. These exercises are designed to do the following:
- Increase Awareness. We provide clients with an innovative approach to performing IT security exercises, which helps increase awareness and raise competence regarding relevant IT security threats to the control systems.
- Create a dialogue. Our tabletop exercises include all parties involved in resolving an IT security incident, and the process allows for the discussion of relevant threats and the exchange of knowledge and experience with each other.
- Improve incident response capabilities. Our exercises identify shortcomings and grey areas in an organization’s current plans and procedures.
EBG organizes incident response capabilities around an “information security playbook” by simulating an actual cybersecurity breach event. The firm has assembled many common incidents with actionable workflows from a common core of security incident types. We will work with your team to document the escalation process while going through a series of mock security exercises with the core security incident response team.
Simulated evidence can be injected into the network of the organization that should trigger the incident response plan. Throughout the exercise, EBG assists clients in understanding how the Legal, Human Resources, IT, and Compliance Departments function as a cohesive whole when responding to a potential breach and the process that needs to be followed to determine whether a breach of PHI has occurred. EBG also provides guidance throughout this exercise so that everybody understands exactly what position they are playing on the incident response team.
Cybersecurity Incident Preparedness
Organizations should do the following to prepare for cybersecurity incidents:
- Perform a Risk Assessment. A risk assessment involves looking at threats to an organization’s mission and understanding what security controls are in place to mitigate those threats. This type of assessment is required by regulations, both at the state and federal levels. (EBG has developed a number of tools to assist organizations in maintaining a continuous risk management process, using our revolutionary new approach to modeling risk.)
- Establish an Incident Response Plan. All security incidents are not equal, and the way that an organization responds to one incident may be significantly different from its response to another.
- Test the Incident Response Plan. The organization must work through simulations of security incidents with its incident response team so that everybody learns how to work together. Decisions must be made before an incident occurs on such questions as, “How will team members communicate with each other?” “What tools will they have available?” and “What channels of secure communication do they have available in the event of an incident?”
- Engage the C-Suite. It is imperative to engage the C-suite as part of an incident response team. They need to be informed in order to make the best decision for the organization.