Contact Us

Incident Response Tabletops

Having a plan and playbooks to execute when an incident occurs is useful. Validating your procedures and testing any assumptions regularly is how to ensure you have effective processes.

Tabletop exercises allow your staff to do just that by communicating how they would react and rehearsing what actions they would take.

Practice, practice, practice!

Like most things, conducting tabletop exercises allows your teams to practice and improve their abilities at responding over time. Although each scenario will be different, this allows other members within your teams to switch roles and perhaps take the lead in their area of responsibility, enabling the organisation to build resilience and be prepared to mitigate the impact of a cybersecurity incident.

Tabletop exercises provide:

  • A low-stakes environment helps in training personnel without the pressure of real-world consequences
  • Allows participants to familiarise themselves with procedures and the roles they would have to undertake during a real crisis
  • Creates opportunities to uncover weaknesses that might not have been apparent otherwise
  • Participants learn how to effectively communicate, share information, and coordinate responses across teams, which is crucial during emergencies
  • Enables decision-makers to practice making critical decisions under pressure and gain agreement on those decisions that can be made ahead of time
  • Builds confidence in responding to incidents, reduces panic during a real incident and ensurs a more coordinated response

Key Features

  • Tailored to your organisation

    Tabletop scenarios are based on events that are relevant for your organisation and industry

  • Tailored to your tooling

    Each scenario considers what coverage your tooling has and the gaps you have in your environment

  • Multiple injects

    Further context is added through multiple injects as you navigate through the tabletop exercise

  • Based on real world adversaries

    Scenarios are based on attacks that have been conducted in the past

  • Mapped to the MITRE ATT&CK Framework

    Injects are mapped to adversary Tactics, Techniques and Procedures (TTPs)

  • Basis for advanced topics

    Prepares your teams for more advanced exercises (e.g. adversary emulation)

Test your playbooks with a tabletop

Conduct a walk-through of actions in an incident through a tabletop exercise, allowing your staff to validate processes and rehearse what actions they would take

Book an Incident Response Tabletop now