Incident Response Team Training
Tabletop Exercises for Incident Response Training
You have an incident response (IR) plan and you created an IR team — now what? Now is the time to offer tabletop exercises to ensure that your IR team members are familiar not only with the plan, but also with their roles and responsibilities during a security incident as well as with the communication processes both inside and outside the organization. Because your team includes people from all areas of the organization, not just IT, the training need not be overly technical.
Incident Response Basics and IR Plan Training
While HALOCK customizes incident training to match your organization’s plan, the general format is the same for all clients:
Review of the Basics. In this phase of the training, attendees become familiar with the key responsibilities of the incident response team (IRT) when handling a security event or incident. We go over incident response basics, terms, roles and responsibilities of the team members, plan phases (alerting, triage, investigation, containment, eradication, recovery, learning and planning), communications management, managing priorities and notification obligations.
Tabletop Exercises. We create two types of scenarios that are relevant to your organization. These scenarios are customized to meet the concerns of the organization, and will include the actual names of client systems, departments, etc., in order to increase the validity of the scenario. In the first set of scenarios (usually 4-6 can be covered in a typical training session) we present a hypothetical breach along with a mix of technical and nontechnical information, including the impact of the data compromise or integrity issue, and the availability of key systems. The facilitator asks participants the following questions regarding the scenario, which are discussed with the team:
- What are their concerns?
- What is their role?
- How should this incident be classified?
- To whom should they communicate?
- What message should they communicate?
- What questions would they like to ask?
The second scenario is one in which the entire plan is examined from the very beginning. This scenario illustrates to the nontechnical team members what would have happened before the entire team is called together.
Sample Topics Presented During Training
The following or similar topics are covered during training to ensure that the team understands the plan and has a good grasp of how to respond in the event of a cyber security incident.
- Operating the IR Plan
- Response by Incident Type (e.g., an operations incident vs. a security breach)
- Communications Management
- Managing Priorities
- Key activities per phase
- Escalation Procedures
- Notification Obligations
- Lessons Learned
This cyber security training fulfills your requirements for an annual test of your IR plan and provides training for new staff. The tabletop exercises, customized for your industry and based on your run books, also fulfill the incident response training requirement set by cyber insurance carriers.
“Your staff is incredible. They are excellent to work with.”
HALOCK’s overall strategic approach, Purpose Driven Security®, helps define reasonable security: the right amount of security to protect critical assets. It brings together a full perspective of an organization to establish what is reasonable and appropriate to manage risk.
- Security controls implemented should encompass the necessary balance of compliance, business objectives, and obligations on how they affect all parties. Not all security controls should be implemented, and those that are should be implemented only to a certain degree depending on the calculated risk being treated.
- Organizations have an obligation to perform proactive due care to reduce liability for shareholders, clients, partners, employees and the greater good, as appropriate. Thus, businesses need to consider foreseeable cyber threats, which HALOCK can help identify and for which it can help establish reasonable safeguards.
HALOCK Breach Bulletins
Read HALOCK overviews and analyses of recent data breaches to understand the common threats and attacks that may impact your organization. Each features a description, indicators of compromise (IoC), containment, and prevention.