Incident Response Tabletop Exercise

Based on our vast experience in the area of Enterprise security solutions, DirectDefense has developed the proposed Incident Response Tabletop Exercise using established industry best practice following NIST SP 800-61.

During these two-to-three week exercises, we work with both technical staff and leadership to create purposely overwhelming security incidents that will allow us to find vulnerabilities in your response plans and make improvements.

Our incident response tabletop exercise follows a seven-step process:

1. Preparation

We’ll work with your entire team to understand your business model, what it would take to properly respond to an incident, and ensure you have the right tools available. Preparations can include:

  • Compliance with Cyber Risk Insurance
  • Legal Counsel
  • Team Training
2. Detection

Our team will head off the presence of an incident, which includes identifying the difference between manageable security anomalies and correlated incidents requiring immediate response.

3. Analysis

Not all events are incidents. Our expertise allows us to identify correlations in events to determine the presence of an incident, at which time we would guide your organization through the process of declaring an incident and initiating the response.

4. Containment

We will work to minimize the overall impact of the incident, limit its capability and ensure the problem doesn’t spread. Addition- ally, we will coordinate with outside vendors or third parties as needed, as well as guide you through regulatory requirements.

5. Eradication

Through these steps, our goal is to fully eradicate the incident.

6. Recovery

Once the incident is eradicated, we work to get your organization back to the way it was before the incident occurred.

7. Root-cause/Post-incident Activity

The most critical piece of incident response is conducting a root-cause analysis to figure out why the incident happened and how it can be fixed to prevent a similar incident. These lifecycle updates help protect your organization into the future.

As your partner, we’re committed to working with your organization to identify gaps and vulnerabilities in your response plans and apply our knowledge to help you be fully prepared in an actual security incident.

Cybersecurity Strategy & Roadmap

Get a comprehensive cyber security strategy and roadmap that covers your systems, processes, and extended team.

DirectDefense applies a proven risk-based assessment methodology with an outcome that benefits an organization’s development of practical and realistic security goals. We help you gain confidence in your information system’s security posture using a phased approach.

Information Gathering and Document Review – Gathering information for assessment execution, including existing information security-related documentation, your infosec departmental structure, known risks and deficiencies, and the existing processes / security controls to be used to mitigate those areas of improvement.

Interviews – Comparing documented procedures with implemented processes, and identifying processes that have not been formally documented that impact the infosec program.

Analysis, Reporting and Mitigation Strategies – Analyzing identified vulnerabilities to determine root causes, establishing mitigation recommendations, and developing a final report. Discussions between the client and the assessor help all parties better understand identified vulnerabilities and next steps forward.

Documentation and Communication – Providing advisory recommendations and findings in documentation and reports divided among the following components:

  • Status Reports
    Our consultants create and deliver status reports each day during the engagement and weekly during remote activities via our secure customer portal. Status reports include all activities performed, discoveries, and project issues.
  • Final Report
    We detail all elements of our infosec program review, and the findings associated with policy and procedure reviews, inclusive of identification of missing documentation and processes.
  • Cybersecurity Roadmap
    We lay out a roadmap inclusive of estimated timelines, and resource requirements for all recommended security initiatives. We implement security protections based on your budget and timeline, and prioritize them accordingly.

Business Continuity and Disaster Recovery

Maybe a hurricane causes significant damage to your offices and technology. Maybe a security breach locks your company out of its network, halting business operations in their tracks. A Business Continuity and Disaster Recovery (BCDR) plan helps you maintain a certain level of operation, and eventually get back to normal.

We have developed a 3-phased BCDR Assessment and Roadmap that follows established industry standards based on NIST SP 800-34.

PHASE 1: Information Gathering & Document Review

  • Existing disaster recovery documentation
  • Impact on your business of all systems and processes
  • Known risks and deficiencies
  • Existing mitigatory processes or controls

PHASE 2: Interviews with Company Personnel & Stakeholders

  • Identify implemented processes that have not been fully documented
  • Understand roles and responsibilities in disaster scenarios

PHASE 3: Analysis, Reporting, and Mitigation Strategies

  • Analyze planning gaps or deficiencies
  • Establish mitigation recommendations
  • Create a final report

Evolve Your Business as the Landscape Changes

Strategy and planning solutions are more successful with routine maintenance and updating to account for changing economic, security, and natural environments. Our Enterprise security solutions offerings work together to provide a complete cybersecurity program to keep your organization protected for the long haul.

Planning: An Incident Response Plan puts your team in complete control following a ransomware or other security attack so you can be better prepared and recover faster.

Updating: An annual review of your BCDR program helps shed light on any documentation updates or plan changes.

Testing: A tabletop exercise puts your response plan to the test in a real-world scenario, and helps you fine-tune your BCDR program accordingly.

When your revenues and reputation are at stake, don’t get caught off-guard.

Contact us to see how our strategy and planning solutions can strengthen your business and help you stay up to date with the latest Enterprise security solutions.

Related Content:
Presentation: