Your organization has been breached. What do your executives expect you to do in the first fifteen minutes? What systems take priority? Information Technology powers the organization. Does your response plan align with the business priorities?
As the CIO or CISO you are trusted to:
- Keep the organization running;
- Protect the organization from an ever-expanding onslaught of increasingly sophisticated attacks; and,
- Help the organization recover quickly in the event of a successful attack.
Are “You” and Your Company prepared to Respond?
This requires constant vigilance and a keen technological understanding. Unfortunately for most CISOs and CIOs, their organization’s executives, including the Board and C-suite, do not share the same level of technological understanding. This makes explaining the risks facing the organization a big challenge. At the same time, new laws are coming online which require the organization’s executives to take a more hands-on approach to cybersecurity and data privacy, and the executives are typically turning to the CIO and CISO to help them meet these obligations.
Tabletop Exercises
Silver Tree’s tabletop exercises lay a foundation which helps CIOs, CISOs, and executives to communicate more efficiently and allows the executives to effectively govern cyber security and data privacy without having to become experts in the fields. The tabletop exercises also help the executives better understand their personal risk exposure and the company’s overall maturity, and allow the executives and technical teams to define business-oriented priorities to mitigate any shortcomings.
We accomplish this by creating custom exercises that walk your organization’s executives through a family of data breach scenarios. This allows them to see the natural role they play in defining and executing the breach response, and allows us to collect valuable information that helps you make the organization’s strategic plans and defensive responses more agile and efficient. The exercises also help elevate the IT and security functions so they are treated as the business enablers they truly are.
Example:
An employee knows her employment is about to be terminated, and before she leaves, she plants a “time bomb” which begins encrypting data and taking core equipment offline. A few days after her departure, the time bomb is triggered and things go bad. The helpdesk phones start ringing incessantly as you rush to understand what is happening. What do your organization’s executives expect you to do you do in those first fifteen minutes? What systems take priority, and what systems can wait?
Approach
Every organization is structured differently, with its own unique challenges and priorities. At Silver Tree, we know that the best results come from tabletop exercises that test for issues that can impact your organization. That is why we create customized tabletop exercises for each customer. Our four-step approach includes:
1. Learn – We speak with key representatives of your organization so we can better understand how the organization is structured, where and how it conducts business, and where and how its IT infrastructure is stored and managed.
2. Define – We work with your organization’s leadership to identify key participants for the tabletop exercises. We also carefully craft a family of scenarios that walk the participants through one or more sample incidents.
3. Test – Your executive’s time is precious, so we keep the exercises on schedule while fostering the discussions needed for effective results. We present each scenario to them, and we walk through crafting an appropriate response.
4. Synthesize – We want the participants to focus on outcomes, not taking notes. We collect the information and feedback from each exercise and synthesize it into a single document that is then shared with the organization.
Outcome
Implementation of discoveries from the tabletop exercises will help you:
- Communicate more clearly to Board of Directors about what resources are needed and WHY
- Define priorities to help your organization meet the executive leadership’s expectations when a breach occurs
- Tailor a cybersecurity roadmap to the way your company does business
- Identify Incident Response weaknesses
CONTACT US for more information on Initiating a TableTop Exercise