Tabletop Exercise (TTX) Workshops
CyberProtex conducts one-day Cyber Resiliency workshops, or Tabletop Exercises, all around the United States. The workshops introduce professionals to best practices in cyber resiliency, seek to foster communication within companies, entities and industries to strengthen resiliency capabilities, and identify potential gaps in response capabilities for continuity and crisis management planners. Attendees will hear subject matter experts on best practices; question a panel of subject matter experts on what works or does not work for them; review a current real-world case study; and collaborate in a tabletop exercise with time for discussion and debriefing.
The CyberProtex Tabletop Exercise (TTX) is discussion-based and provides an incident scenario with a series of injections that we tailor to your operational needs. The TTX Services team moderates a discussion and breaks participants into teams. Each team is then required to respond to each injection and present their findings to the entire audience of participants.
Tabletop Exercises (TTX) and Industrial Compliance
NIST 800-171 and CMMC
Conducting a tabletop exercise can satisfy several NIST 800-171 controls related to incident response, risk management, and continuity planning. Here's how it aligns with specific controls:
1. Incident Response (IR)
- 3.6.1: Establish an incident response capability.
  - Explanation: A tabletop exercise helps demonstrate and test your organization’s ability to respond to security incidents effectively.
- 3.6.2: Detect and report events.
  - Explanation: Exercises help to identify gaps in detection and event reporting procedures and ensure teams know how to report security events promptly.
- 3.6.3: Develop and implement incident response plans.
  - Explanation: Running through scenarios validates the incident response plan, ensuring that roles, responsibilities, and communication protocols are understood.
- 3.6.4: Test incident response capability.
  - Explanation: A tabletop exercise is a form of testing that provides insights into how the incident response plan works under simulated real-world conditions.
- 3.6.5: Track, document, and report incidents.
  - Explanation: Exercises often include documentation and after-action reporting, which helps satisfy requirements for tracking and reporting incidents.
- 3.11.1: Periodically assess the risk to organizational operations, assets, and individuals.
  - Explanation: A tabletop exercise can be part of a broader risk assessment process, identifying potential weaknesses in incident handling and response strategies.
- 3.11.2: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities are identified.
  - Explanation: While not a direct vulnerability scan, a tabletop exercise may reveal procedural vulnerabilities or gaps in response.
- 3.12.1: Periodically assess the security controls in organizational systems to determine if they are effective.
  - Explanation: Exercises allow for evaluation of how well security controls are implemented in practice, especially during an incident.
- 3.13.1: Establish and maintain contingency plans.
  - Explanation: Tabletop exercises simulate scenarios that could disrupt operations, ensuring that contingency plans are well-prepared and actionable.
- 3.13.3: Test and review contingency plans.
  - Explanation: The exercise serves as a testing mechanism to validate the effectiveness of contingency plans and make necessary adjustments.
- 3.2.1: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities.
  - Explanation: Participating in a tabletop exercise raises awareness of security threats and the importance of their roles in incident response.
- 3.2.2: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
  - Explanation: Exercises serve as a training activity, helping staff understand and practice their response roles.
By conducting tabletop exercises, an organization can:
- Validate and refine incident response and contingency plans.
- Improve staff readiness and coordination.
- Identify and address procedural gaps.
- Enhance overall resilience to security incidents.