Icon.svg

Conducting Cyber Tabletops – A Practical Guide on How to Develop a Scenario Exercise (Full Day)

SESSION

Back to Program

Conducting Cyber Tabletops – A Practical Guide on How to Develop a Scenario Exercise (Full Day)

9:00 am

/

9 May 2023

Ben Di Marco

About this session

A consistent industry theme is that organisations of all shapes and sizes should conduct cyber table top exercises. This session will provide attendees with practice insights on how to design, scope and deliver cyber tabletops within their organisation and maximise the benefits of these exercises.

By working through breach scenarios organisations can improve their ability to respond to a real cyber threat. Despite proven benefits few Australian organisations have the confidence to perform scenario tabletops.

This often stems from difficulty in understanding how a cyber scenario should be developed, and how effective tabletop exercises are delivered.

There is no one size fits all approach for workshops however common key principles exist. This tutorial will explore the steps involved in preparing for and delivering cyber tabletop exercises, and strategies to maximise the benefit of a scenario workshops.

Some of the issues this session will explore include:

  • Preparation that should be undertaken prior to developing a tabletop workshop such as incident response plan development, IR team identification, accountability assessments, threat identification and gaps analysis resilience;
  • Identifying the individuals within the organisation and any third parties that should be involved in the cyber risk scenario;
  • The factual investigations that should be performed to help develop an appropriate cyber risk scenario, including how to identify industry specific risks, incorporating legal and regulatory items, and leveraging available information on breach costs and reputational harm example;
  • How a tabletop should be customised to the organisation’s incident response process and what critical thinking issues the scenario should raise for participants;
  • Options for delivering the workshop scenario including event structure, formulating what information to provide to participants, developing evolving scenario elements and facilitating discussion items; and
  • How to incorporate information and lessons learned from a tabletop to improve the organisation’s resilience and ability to respond to an event.