Find & Fill Gaps in Your IR/DR Security Plans
Get backup from our team of security and compliance experts to enable your organization to meet any regulatory obligation.
Conversational Incident and Disaster Simulations
What is a tabletop exercise?
Level up your incident response and disaster recovery plans
A tabletop exercise is a guided walkthrough of incident response and disaster recovery plans. By presenting a theoretical disaster or incident and discussing how your organization would handle it based on its plans, we can quickly start to uncover where there might be shortcomings in your potential response. The end goal is to ensure the proper business units, points of contact, technology, and execution are in place and ready before an incident or disaster occurs.
How does FRSecure approach Tabletops?
We start by working with you to gather information about your network setup, any specific scenarios you would like to run through, and what kind of pain level your organization is looking to test. By understanding your network and current events, we can provide flexible scenarios aimed at making your entire program better.
A tabletop engagement with FRSecure begins with understanding what your environment looks like, how problematic you want the theoretical incident to be, and coming up with scenarios to match.
The exercise includes a walkthrough of the plan based on the scenario presented. We set the stage, enact your plan, provide realistic changes to the incident based on your environment and the attack, and then see how you pivot.
On every engagement, we include additional IR team members and analysts to transcribe the conversation. We collectively parse through the notes and identify key components to improve.
Delivery & Recommendations
Once we’ve come up with improvement recommendations, we present the findings to your team so they know where to make changes. This is a great training opportunity for IT outsiders—they’re just as impacted by system downtime.
We keep this exercise conversational and flexible. The benefit is that it doesn’t take us 6 months to come up with a scenario to run through—we’re comfortable adjusting based on what is said/done. Because of this, we can turn these around quite quickly!
We operate on a “pain” scale (or the potential impact a similar event would have on your organization) of 1-10 based on what your organization wants to test. Depending on the scale chosen and intel we’ve gathered about your environment and known vulnerabilities, we then come up with a scenario that fits best.
Most commonly, we see a 7—relatable to a ransomware event.
This is intentionally meant to be something you can do frequently and at little cost. Organizations are often told to do these annually, but we recommend semiannually or quarterly.
While having a plan in place is not necessary to run through one of these engagements, it is highly encouraged. You will still learn how to better handle incidents regardless, but the point is to vet your plan.