Tabletop Exercises: Testing Incident Response Plans in Real-World Scenarios

Do you have confidence that your organization could withstand a cyber security emergency?

Work with our expert incident handlers to run through Emergency Preparedness Drills for your Incident Response, Business Continuity, and Disaster Recovery plans

Tabletop Exercises

Conversational Incident and Disaster Simulations

What is a tabletop exercise?

Level up your incident response and disaster recovery plans

A tabletop exercise is a guided plan walkthrough that helps determine situational emergency readiness. By presenting a theoretical disaster or incident that our experts have seen in real life and then discussing how your organization would handle it, we can navigate any holes in your plan in a safe environment. The goal is to ensure your proper business units, points of contact, technology, and execution are solidified before an incident or disaster occurs.

How can we help?

Speak with one of our incident response experts to get started on improving your IR & DR plans.

How does FRSecure approach Tabletops?

We start by working with you to gather information about your network setup, any specific scenarios you would like to run through, and what kind of pain level your organization is looking to test. By understanding your network and current events we can provide flexible scenarios aimed at making your entire program better.

Tabletop Steps

01.

Planning

A tabletop exercise with FRSecure begins with understanding what your environment looks like, how problematic you want the theoretical emergency to be, and coming up with matching scenarios that mimic what we see every day.

02.

Exercise

The tabletop exercise includes a walk-through of your plans based on the emergency scenario presented—but in a safe and controlled environment. We set the stage, enact your plan, provide realistic changes to the incident based on your environment and the attack, and then see how you pivot.

03.

Report

In every tabletop exercise, we include additional incident response team members or analysts to transcribe the conversation. We collectively parse through notes and navigate any holes in your plan.

04.

Delivery & Recommendations

Once we’ve come up with improvement recommendations, we present the findings to your team so they know where to make changes. This is a great training opportunity for IT outsiders—they’re just as impacted by system downtime.

Disaster Recovery Tabletop

A disaster recovery plan focuses on maintaining system uptime in the face of a natural or human-made disaster.

Incident Response Tabletop

An Incident response plan focuses on helping to identify, eliminate, and recover from information security threats.

Tabletop FAQ

How long does it take to get started?

We keep this exercise conversational and flexible. The benefit is that it doesn’t take us 6 months to come up with a scenario to run through—we’re comfortable adjusting based on what is said/done. Because of this, we can turn these around quite quickly!

What kind of incidents do you run through?

We operate on a “pain” scale (or the potential impact a similar event would have on your organization) of 1-10 based on what your organization wants to test. Depending on the scale chosen and intel we’ve gathered about your environment and known vulnerabilities, we then come up with a scenario that fits best.

Most commonly, we see a 7—relatable to a ransomware event.

How often does this need to be done?

This is intentionally meant to be something you can do frequently and at little cost. Organizations are often told to do these annually, but we recommend semiannually or quarterly.

Do I need a plan in place to do one of these?

While having a plan in place is not necessary to run through one of these engagements, it is highly encouraged. You will still learn how to better handle incidents regardless, but the point is to vet your plan.

If you do not yet have an incident response plan implemented, consider using our free template as a starting place and adjusting it to fit your business and security program needs.

“FRSecure’s recommendations have resulted in a level one PCI certification, which is the highest level of certification a company can achieve. Their highly personalized recommendations and services have resulted in heightened security and continual growth in business.”

Security Administrator

Premier Printing Company

The FRSecure Way

Why work with FRSecure?

Expertise

FRSecure has been in business for over 10 years, and our Incident Response team has tackled 125+ incidents in the last 2 years alone. When it comes to understanding how to respond and recover from incidents and disasters, you have the benefit of experience in your corner.

Mission

Our mission at FRSecure is to fix the broken information security industry. Not only do we help improve IR and DR plans, but we also solve as many weaknesses as we can in your security environment. We are dedicated to making real, lasting, impactful changes to your security program.

Approach

Our approach isn’t “cookie cutter.” We recognize that each organization is different, and every security program is at a different stage of maturity. We get to know your security program intimately, determine what your strengths and weaknesses are, and craft the scenarios and test the response based on what we see in the wild.

Focus

Information security is all we do. We don’t do IT, sell hardware, or provide telco services. We only do security. Because of this, our team can provide unbiased recommendations that will actually make a dramatic impact to the way you do security. We work hard to be a partner—collaborating with and educating your team every step of the way.