Incident Response Tabletop – Is Your Company Prepared for an Emergency?

4. February 2021

Cyber attacks are an everyday reality for companies – therefore it is important to close any entry gates. However, as this alone is not enough in many cases, you should check whether your company is prepared for a cyber attack. A timely response by your employees as a well-coordinated team is crucial for successful protection and for limiting potential damage. Therefore, responsibilities and each individual step must be clearly defined – only then can you act swiftly and correctly.

In order to prepare your company for an emergency, the development of an incident response plan on the best possible reaction and crisis management in the event of a cyber attack is a decisive step. Different standards, such as

  • ISO/IEC 27001:2013
  • NIST (NIST 800-53 and NIST Cybersecurity Framework)
  • IT-Grundschutz of BSI

require a regular review of these measures.

One method that you can use to check the Incident Response Plan in your company in a playful way is the Incident Response Tabletop.

How does an Incident Response Tabletop work?

The Incident Response Tabletop is a theoretical exercise of real-life scenarios where the response plan is tested. It identifies areas your team has effective decision-making processes or where improvements are needed. With this technique, different attack situations are played out theoretically, effectively preventing panic-driven reactions.

An information security expert guides your team through the discussion of each scenario, allowing them to assess readiness to respond or identify potential security gaps in the response process. The question of the correct behaviour of your employees or the filing location of relevant documents are points that need clarification in advance.

The result of this exercise is the understanding of all participants for the identification, analysis and possible solutions of incidents or how they can be prevented in advance in the future. It is thus ensured that each team member knows her or his responsibilities and takes the appropriate action through a hands-on experience in case of an emergency. It also clearly defines your company’s cyber response position and clarifies the collective decision-making processes of the teams involved – thus providing the optimal proof of concept for your emergency management.

Individual scenario

For a target-oriented incident response tabletop exercise, our experts prepare an individual emergency scenario. This is based on their many years of experience in IT security consulting and can be adapted to the guidelines and processes that apply to you. Through a combination of practical planning and customised training, our experts prepare your company that you take the right steps in an emergency.

If you would like to prepare your employees efficiently for an emergency too, our experts will be happy to assist. Contact us.

Also interesting:

Top 3 Vulnerabilities in Mobile App Pentests

Top 3 Vulnerabilities in Mobile App Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...