Incident Response Tabletop – Is Your Company Prepared for an Emergency?

4. February 2021

Cyber attacks are an everyday reality for companies – therefore it is important to close any entry gates. However, as this alone is not enough in many cases, you should check whether your company is prepared for a cyber attack. A timely response by your employees as a well-coordinated team is crucial for successful protection and for limiting potential damage. Therefore, responsibilities and each individual step must be clearly defined – only then can you act swiftly and correctly.

In order to prepare your company for an emergency, the development of an incident response plan on the best possible reaction and crisis management in the event of a cyber attack is a decisive step. Different standards, such as

  • PCI DSS
  • ISO/IEC 27001:2013
  • NIST (NIST 800-53 and NIST Cybersecurity Framework)
  • IT-Grundschutz of BSI

require a regular review of these measures.

One method that you can use to check the Incident Response Plan in your company in a playful way is the Incident Response Tabletop.

How does an Incident Response Tabletop work?

The Incident Response Tabletop is a theoretical exercise of real-life scenarios where the response plan is tested. It identifies areas your team has effective decision-making processes or where improvements are needed. With this technique, different attack situations are played out theoretically, effectively preventing panic-driven reactions.

An information security expert guides your team through the discussion of each scenario, allowing them to assess readiness to respond or identify potential security gaps in the response process. The question of the correct behaviour of your employees or the filing location of relevant documents are points that need clarification in advance.

The result of this exercise is the understanding of all participants for the identification, analysis and possible solutions of incidents or how they can be prevented in advance in the future. It is thus ensured that each team member knows her or his responsibilities and takes the appropriate action through a hands-on experience in case of an emergency. It also clearly defines your company’s cyber response position and clarifies the collective decision-making processes of the teams involved – thus providing the optimal proof of concept for your emergency management.

Individual scenario

For a target-oriented incident response tabletop exercise, our experts prepare an individual emergency scenario. This is based on their many years of experience in IT security consulting and can be adapted to the guidelines and processes that apply to you. Through a combination of practical planning and customised training, our experts prepare your company that you take the right steps in an emergency.

If you would like to prepare your employees efficiently for an emergency too, our experts will be happy to assist. Contact us.

Also interesting:

A5: BSI Publishes New Audit Framework for Trustworthy AI

A5: BSI Publishes New Audit Framework for Trustworthy AI

The German Federal Office for Information Security (BSI) has published the Community Draft of the AI Audit and Assurance Assessment Architecture (A5) (currently available in German only), thus starting the consultation phase. A5 is intended to create a standardized...

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

Categories

Categories