Implementing Your First Cybersecurity Tabletop Exercise

It’s Cybersecurity Awareness Month! In honor of the theme — Do Your Part. #BeCyberSmart — we’re doing our part by educating IT teams and organizations on protecting themselves. Throughout October, the JumpCloud blog will focus on top cybersecurity issues, from IT admin best practices to CISO responsibilities. Tune back into the blog this month for new cybersecurity content or check out our archive of existing security articles for cybersecurity insights written specifically for the IT professional. 

Most cybersecurity experts encourage organizations to consider a cybersecurity incident an inevitability — not an if, but a when. And breach ramifications are often severe: the average cost of a data breach is $4.24 million. 

Because cybersecurity attacks are likely and costly, organizations need to know they can respond to an incident appropriately. This is where cybersecurity tabletop exercises (TTX) come in.

TTX is designed to test an organization’s incident response plan (IRP). The goal is to learn how your organization would react in a real breach, identify strengths and weaknesses in your plan, and promote response readiness within your organization. 

Despite its critical importance, however, TTX isn’t conducted nearly as often as it should be. Many organizations have trouble kicking exercises off, and setting up your first one can be daunting. Fortunately, however, each exercise tends to promote more buy-in among your organization, making the first exercise the biggest hurdle. 

This blog aims to help IT and security professionals overcome these challenges to running their first cybersecurity TTX. We’ll outline the basics to getting started, setting up and conducting the exercise, and solutions to common roadblocks with introducing TTX to your organization.

Step One: The Incident Response Plan

Table-top exercises aim to test incident response plans (IRPs); hence, the IRP is an essential and unavoidable element of TTX. If you plan to conduct a TTX and you don’t have an IRP, go back and develop an IRP first. 

While you shouldn’t conduct TTX without an IRP, thought exercises around incidents and how your organization might respond can help you build out your IRP. Additionally, smaller-scope TTX models (Read more...)

Comments are closed.