
Cyber Defense Frontline: Crafting the Ultimate Incident Response Tabletop Exercises

Jul 16, 2024, 12 min

Episode description

Join host Rob Burton in the 139th episode of Cyber Defense Frontline as we delve into the critical world of incident response tabletop exercises. This episode is a must-listen for anyone looking to bolster their organization’s cyber defense capabilities. We’ll walk you through the meticulous process of designing and executing effective tabletop exercises, from initial […]

Transcript

Hello, and welcome to another episode of the PreparedEx podcast. I'm your host, Rob Burton, and just before we get started today, here's a word from our sponsor, OnSolve. Physical threats such as severe weather, infrastructure failures and civil unrest are increasing in severity and frequency, forcing organizations and government agencies alike to prepare for unpredictability.

That's why OnSolve technology is committed to helping security and risk professionals identify threats quickly and manage response holistically.

OnSolve combines artificial intelligence (AI) powered threat detection, real time and historical, with mass notification, incident management capabilities, and travel risk management, to form the industry's most comprehensive unified platform, one that helps organizations identify critical events faster, analyze risks more accurately, and shorten the time to respond.

From anticipating risks to detection and recovery, OnSolve technology and their experienced team support over 30,000 organizations across the globe through every step of a critical event.

Welcome to the PreparedEx podcast, your complete source for crisis, emergency, business continuity and security preparedness interviews, news, and much more. Now your host. He creates chaos for a living, Rob.

Welcome to episode 139 of the PreparedEx podcast, titled Cyber Defense Frontline: Crafting the Ultimate Incident Response Tabletop Exercises. Welcome back. Took a short break there, about a month over the summer here, to both work but also take a couple of days off with the family. So it's really good to be back and back into it, and we'll be going back to our usual 2 podcasts per month is our usual plan. So looking forward to jumping back into it.

So this one, it's all about cyber incident response tabletop exercises. I think we've been through this before. We follow a very similar process to our other tabletop exercises. Of course, we move more in the direction of the incident response as it relates to incident response planning, as it relates to some elements of technical components of your cyber response, so we'll touch on those types of pieces that we're gonna bring in to the exercise from your tech teams, and those components. Are we gonna make it technology heavy?

Depends on the team. Do we need to add some element of communication in there if we're bringing in the incident response team from a comms standpoint? Is it a leadership team? What is the makeup of the team? All those good things should come out in your planning stage, which we're gonna come on to.

So anyway, the first step, and really most importantly, is really to get organized. And you'll hear me talk about it no matter what exercise we plan for, really setting the stage. So what are we doing? Why are we here? Why are we running this incident response tabletop exercise? You could have a good reason, and often you will. Obviously, if you're in a regulated environment, you've gotta do it from a regulatory perspective. Of course, incident response is essential to your response to a cyber attack, and so those organizations, which is the vast majority of us now, are susceptible in some way, shape or form to some kind of ransomware, some kind of other technical event that may impact us. And so, you know, preparing for that, scenario planning, is essential. So craft those objectives: why are we here? What are we doing?

What are we looking to accomplish by going through this process? So that's really, really important in the early stages. Part of the planning as well, and again, you know, it can be broken down into a separate component, is to start to look at those different issues that you want to look at specific to your organization. So what are those scenarios that are gonna impact you the most? How are they gonna unfold? So work with your technology teams, not all of them. If they're participating, work with 1 or 2 of them, and try and find out how this will start to unfold and make your day a bad one, to make the whole organization's day a bad one. So think about the impacts, think about the systems that could be taken down. How would that happen? What would it look like to you? What's the general timeline of that happening? What are the impacts, and what are your customers seeing potentially, but certainly, what are your employees experiencing as well when these things start to unfold? So you can roughly draft that out in these initial planning stages as well before jumping in and adding the details into the scenario, which we'll talk about now.

So once you've got that draft overview together, what you want to do is then put some details around, you know, how this is gonna unfold. Usually, keep it simple to start off with; go through the initial unfolding situation. So that might be the first day you're experiencing this, or you certainly find out that you're experiencing this. And then go on to the next period. Again, that might be another day, maybe it's several other days. How bad do you want to make it? Right? So think about that in terms of your scenario. So if you wanna make it a 5 day event, how are we gonna do that? We need to flesh it out further in terms of us struggling to get back online, you know, the ransomware component to it, obviously bringing in all the other key role players from the incident response standpoint, so making sure that they're participating as well. So including that in your scenario, you know, all the legal components, you know, the other elements that are gonna be, you know, brought to your knees in terms of a technical component. All the, you know, supporting organizations that are gonna come along with this, critical vendors, they're gonna come along to support you. Are they involved in the exercise, or are you just gonna talk about them in the exercise? So again, all this can be fleshed out when you are designing your scenario.

So, again, making it a difficult day is certainly something you want to do. Because, again, this is crisis management. This is incident response. So, you know, you don't wanna make it something overly difficult, of course, because we want those leaders and we want those participants to come back and do further training and exercises in the future. You need to obviously make it a bad day that's relevant and realistic to your environment.

So once you've put all that together, of course, we want to deliver, and hopefully you've organized this ahead of time. So in terms of the delivery, make sure you've got a seasoned, of course, facilitator to facilitate that process. That's really important, especially if you've got leaders in the room for a couple of hours. You don't wanna be wasting their time; you wanna have a professional event, but organized. If there's handouts, there's handouts. If you're breaking the teams down into different groups, where are they gonna go while they're gonna discuss? You know, you've got different injects for different areas of the business, so you've got some legal information for the legal folks. So are they gonna go and work on it? Are you gonna keep them in the room? So lots of things to think about in terms of delivery. Preparing that team as well: have you sent them a brief ahead of time in the planning stages? We usually send a pre-read video to get those participants ready for the exercise. So, a lot you can be doing there. So, challenging in the delivery the decision making and obviously communications, being a big part of it as well. And, of course, if it's more technically focused, you know, we're gonna be talking about all those technical components and the different issues that the technical teams are gonna be faced with as it relates to the specifics around the scenario.

So again, you may have both of those scenarios running. We have one client right now where we're doing technology on day 1. Either way, we roll it day 2 for the leadership, and it works quite well because we obviously learn a lot from day 1. We can adjust slightly the scenario into day 2 and have those key discussions on some of those findings. So lots to do on delivery.

Part of delivery as well is that evaluation component, really. So step 3 here really is the evaluation and making sure we can pull all that information in. So as you're having your discussions, how are we evaluating the exercise? Is it based on our plans, our procedures? Is it based on other elements that we have built into our evaluation protocols, our evaluation assessment processes? You know, how are we meeting those? Again, you can get into a lot of detail as it relates to your evaluation. But, you know, really, it links back to plans.

And I'll use one example, and let's use it from an incident response activation of the team. So your plan might say one thing, but from an evaluation standpoint, you know, something else actually happens or is discussed differently to what's in the plan, what happens in real life. So again, you know, that's the evaluation there. It's not matching up in terms of that process. So the adjustment would need to take place in your after action report afterwards. And again, there are other elements that you want to test in your plans, and again, that links back to your evaluation protocols. So really important that we evaluate.

And of course, at the end of the exercise, we'll be gathering all the information from all the participants, and it's really important that, of course, we put a comprehensive after action report together, just like we're doing in other exercises. It's really important that that report identifies what everyone's discussed in terms of their findings. Again, everything comes from the participants. You know, they find out what's going on, they find out what's wrong in terms of their experiences in the tabletop exercise and even in real life as well. So you're documenting all of that during the exercise. It's really important because sometimes when we get together and have our meetings in a general setting and have a general discussion, we really don't identify opportunities for improvement. That's the main purpose behind running a tabletop exercise and putting your after action reports together. So gathering those observations, this is what we found, and then adding a recommendation, this is what we recommend based on those findings, and documenting those in your after action report, really, really important.

And, of course, part of that as well is, once you've had that report approved, everyone signed off on it in terms of those findings, then you put the remediation plan together. So we found everything in the after action report, the observations and recommendations. Now we put those recommendations into the remediation plan. Who's responsible for doing what by when in terms of those improvements, whether it's an update of a policy, update of a procedure, some capability that's missing that we need to add into the planning, whatever it may be, that remediation plan needs to have those details and how you're gonna accomplish, you know, modification of the plan, all those other things that are in there. So that remediation plan needs to be put together and, again, distributed to those individuals who are gonna be responsible for carrying out the remediation plan. And that may last 3 months, it may last 6 months, depending on how detailed you get in terms of those remediation items.

But again, you know, you need to have a plan and you need to be able to act on it after the exercise. So, you know, very high level, and I went into not too much detail, but planning, obviously, is the initial part of it: putting your exercise together, the objectives, all that good stuff. Delivery: really important that we have a facilitator who's done this before, or you've got someone who's confident standing in front of those leaders, to make sure that we're delivering and we're challenging those decision making and communication elements. Of course, the evaluation and the report writing and remediation are those steps that come, you know, after that. So, you know, really, really important that you have a thorough process as you're designing all your tabletop exercises and you're conducting your after action report and remediation planning, which is really the main element at the end of the whole process.

So hope you enjoyed this one, episode 139. If you did, please share it with your network, and we look forward to seeing you on the next podcast. Take care.

Transcript source: Provided by creator in RSS feed