Tabletop exercises are one of the most important activities your team can perform, yet they are arguably less popular than the yoga pose they share their name with, and that's a problem.
But First a Brief Dramatization…
Okay class let’s get that core engaged, it’s time to do a tabletop exercise! First things first, straighten your back, shoulders in an engaged positi… Wait a second, why is everyone here dressed business casual?! But the sign on the door said this was a meeting for a tabletop exercise!
Okay, we can't say that's a true story, but if you google "tabletop exercise" and go to Images, a yoga pose is the first thing that comes up. That's not why you're here, so let's get to the real posture you care about: your security posture. Specifically, how tabletop exercises can prepare you for the worst while putting you in the best position to succeed. The NIST CSRC Glossary, the go-to source for cyber and information security definitions since the mid-90s, defines a tabletop exercise as follows: "A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario." Information security tabletops come in many flavors: Business Continuity, Disaster Recovery, Crisis Management, and Incident Response, to name just a few. We will focus on Incident Response for this illustration, but the same principles apply to the others.
Tabletop Exercises Help Improve Your (Security) Posture
Take a seat because this is important, and please sit up; slouching isn't a good look for you. Here's a question: when a crisis hits, "who you gonna call?" If Ghostbusters was your first answer, then you're in the right place.
A tabletop exercise simulates an actual crisis, and in a situation like that, you will want to be prepared. The National Cyber Security Alliance found in a study that 60% of small and medium-sized businesses that are hacked go out of business within a handful of months. In our opinion, one reason for this is that many companies do not take the time to practice how they would respond to a DDoS attack, loss of customer data, phishing, and so on; the list goes on. Not practicing your response procedures can mean more downtime, more money lost, and information remaining out of your control for longer. However, you may feel that a tabletop exercise does not fit your organization's structure at the current moment.
Do Not be Quick to Bend Over Backwards to Perform a Tabletop
The first question you should consider is whether tabletop exercises are appropriate for your organization. After getting this far in the blog we hope your answer is a resounding YES! But that's not exactly the whole story. Tabletop exercises are more efficient if you have an existing Incident Response Plan (IRP). These exercises are a great way to test the accuracy and completeness of your plan. Without an existing IRP, employees will respond on instinct rather than from training grounded in existing documentation. This can lead to a lengthier exercise and missed areas of opportunity, and it may require repeating the tabletop ahead of your company's testing schedule. If you do not have an Incident Response Plan right now, QoS is happy to assist you with creating one that fits your business's needs, so feel free to reach out to us using the contact information at the bottom of this blog.
If your organization has a working understanding of Incident Response and is ready to build out a tabletop exercise, but you are not sure where to start, you should find part 2 of this blog, "How to Build a Robust Tabletop Exercise", very helpful.
For more information speak with a QoS consultant today, firstname.lastname@example.org, or reach out through our contact form on our website, www.qosconsultingsolutions.com.