3 Lessons From the Incident Response Tabletops

Within the field of incident response, planning and testing are key elements of a good security posture. The importance of training and methods of developing tests both feature highly on security professionals’ priority lists. Here are a few lessons I’ve learned about incident response from having run tabletop exercises within IBM and alongside our clients.


What Are Tabletop Exercises?


For those unfamiliar with tabletop exercises, the premise is deceptively simple. A gathered team of incident responders, decision-makers and department representatives is presented with an evolving set of scenario prompts known as injects. These injects are based on real attack scenarios and range from the routinely expected, such as malware alerts, to some less obvious but nonetheless important issues, such as leaks on social media.


The intent of a tabletop exercise is to highlight areas to improve internally, such as ambiguous remits or conflicting processes, all within a low-stakes, blame-free environment. There are even specific tools that can help facilitate your exercises, making running a tabletop as simple as possible with an all-in-one approach.


Manage Enterprisewide Access to Classified Information


Within a recent incident scenario, the team encountered a slight problem dealing with classified material and working alongside legal and HR teams. For the scenario, no person within the HR and legal teams had been previously cleared to access the project files.


This meant that following the traditional incident response plan at a companywide leve ..