Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercise scenarios are customised to test all aspects of your response plan and mature your programme.

While most leaders know and understand their organisation’s cyber incident response plan (IRP), that knowledge can sometimes give a false sense of security. Working on thousands of cybersecurity matters every year, we have seen crises grow and intensify when a client discovers their IRP is outdated or when key members of the response team are not properly prepared to follow the plan.

Testing and practising an IRP on a regular basis is essential for maintaining confidence in the plan and strategy. That is why Kroll offers customised incident response tabletop exercises (TTX) led by our seasoned experts. Participating in a Kroll TTX gives the members of an incident response team a valuable opportunity to clarify and rehearse their roles. Ultimately, this will give them greater confidence to carry out their assigned duties when responding to an incident. A TTX can also uncover and shine a light on those areas where an IRP needs to be updated or improved.

Seven Steps to Greater Confidence in Responding to a Cyber Incident

Kroll follows a seven-step process, refined through leading hundreds of tabletop exercises for client organisations of various sizes, complexity and industry sectors in Singapore, Hong Kong, across Asia and worldwide.

  • Step 1: Kick Off the Process with Clear Communications
    Kroll’s cyber experts start the process by holding a call with all participants to provide an overview of the TTX protocols, what they should expect during the interviews, and a timeline for each step.
  • Step 2: Interviews with Key Stakeholders
    Our team will conduct onsite meetings to identify each stakeholder’s duties with regard to incident response. They will also look to address any general cybersecurity concerns, including specific factors or vulnerabilities response team members perceive within the organisation, as well as any recent developments in relevant industries or another publicly known cyber incident.
  • Step 3: Review Current IRP and Other Documents
    An in-depth review of the client’s existing IRP will focus on identifying flaws and gaps that could hamper or decrease the effectiveness of the company’s response.
  • Step 4: Develop an Incident Response Plan
    For a client without an established IRP in place, we will develop a plan customised to their unique needs as they look to mitigate damage from a potential cyberattack. We will deliver the plan about a week before the onsite TTX.
  • Step 5: Create Custom Tabletop Scenarios
    Our aim in creating these scenarios is to encourage communication among all response team members. This approach not only clarifies each individual's responsibilities in response to a real incident, it can also help identify and resolve any deficiencies in the IRP itself.
  • Step 6: Conduct Onsite TTX
    In this discussion-based event, our cyber experts will present four to six incident response tabletop scenarios tailored to the client organisation. The purpose of this exercise is to test the established IRP and give participants a chance to experience an incident response in a relaxed, open setting.
  • Step 7: Deliver Report
    After the TTX is complete, our team will review the results and provide a final report outlining the lessons learned from the exercise and a summary of their discussions and recommendations.

Know How You Will Respond to a Cyber Incident Before One Strikes

Take advantage of Kroll’s unrivaled cyber incident response experience to better prepare to respond to a cyber incident. To schedule a customised tabletop exercise for your team, contact a Kroll expert today. 

Talk to a Cyber Expert

Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.

Cyber Risk and Incident Response Retainers

Kroll goes beyond the typical incident response retainer—we offer clients a true cyber risk retainer to provide elite digital forensics, incident response, and proactive security capabilities with maximum flexibility.

24x7 Incident Response

Activate experienced, local cyber incident response specialists to quickly investigate and eradicate any type of threat, incident, or data breach.

Cyber Litigation Support

Whether responding to a security incident, forensic discovery demand, or an investigation, Kroll’s experienced forensic experts provide unmatched litigation support to help clients win cases and mitigate their losses.


Computer & Digital Forensics

Kroll’s team of computer forensics experts can assist at any stage of an investigation or litigation to ensure no digital evidence is overlooked, regardless of the number or location of data sources.

Insider Threat Investigations

Confidentially investigate cases of employee and third-party misconduct, including malicious and negligent digital activities.

Data Recovery and Forensic Analysis

Kroll’s cyber risk experts can effectively determine whether data was compromised and to what extent. By gathering and uncovering actionable information, we leave our clients better prepared to manage future incidents.


Digital Forensics & Incident Response

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year, with the resources and expertise to support the entire incident lifecycle, including litigation demands.