We will be having an upcoming tabletop scenario ("war games") for Cyber-Security. Are there any specific scenarios any of you have used that you've found particularly useful? Any ways you've structured or executed these scenarios to amplify the value?
Sort by:
Phishing Attack Response: Simulate a widespread phishing attack that targets employees across various departments. This exercise tests the team's ability to quickly identify, respond to, and communicate about the phishing threat, emphasizing the importance of user awareness and rapid reaction protocols. It could also be used from a lessons-learned approach and you could categorize which departments did better than others.
Ransomware Containment: Create a scenario where critical systems are hit with ransomware, challenging the team to contain the breach and initiate recovery procedures. This drills the importance of backup systems, quick containment measures, and business continuity planning under pressure.
Insider Threat Simulation: Pose a situation where an insider maliciously accesses and exfiltrates sensitive data. This scenario helps the team refine strategies for monitoring internal activities, managing access controls, and incident investigation techniques.
CISA has a solid set of exercises and tools, for free, that should help with incident response maturity.
https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages
Ensure you customize the scenario to your organization; it will be more realistic and fulfill the exercise’s goal.
Take the exercise seriously and be brutally honest about the results. Don’t brush off issues saying” if it was real, we’d have done much better.”
If necessary, exclude people from the exercise who will hamper an open and forthright evaluation. Also ensure you have the key people who will actually be handling the issue (as opposed to a designee to represent a department).