CIRP & Tabletop Testing

Calvetti Ferguson helps you reduce the duration and impact of cyber attacks by helping you develop and practice your response plan. Our highly qualified team has helped hundreds of organizations manage cyber attacks, intrusions, and breaches. Their experience can help you avoid significant financial, reputational, and operational damage.

What is a Cyber Incident Response Plan?

A cyber incident response plan (CIRP) establishes the framework for how a company organizes, resources, and structures the response to a cybersecurity incident. During the chaos of a cyber incident, there is an overarching need to establish the initiative over the threats that are faced. The CIRP enables a company to methodically work through the lifecycle of an incident to bring it to a conclusion in an effective and efficient manner.

The CIRP is developed by engaging the logical stakeholders that may be involved in a major cybersecurity incident. This may include stakeholders such as legal, finance, human resources, corporate communications, business operations, various information technology teams, the cybersecurity team, and others. The CIRP will align with the strategic objectives of the company and the operational imperatives that must be considered while resolving a crisis.

Key aspects of a CIRP will include, at a minimum:

• Composition of the incident response team
• Lifecycle of the incident response process for the company
• Communication plan
• Operational tempo during an incident response
• Incident severity designations and descriptions
• Legal considerations
• Incident response team operation

What is a Tabletop Exercise?

A tabletop exercise (TTX) is a training event helping the incident response team rehearse the CIRP. It involves developing a customized scenario that addresses the scope and goals of the company for the event. This scenario is then delivered to the participants in a way that exposes them to elements of the incident scenario in a way similar to an actual cybersecurity incident.

Done correctly, the TTX scenario is built using actual incident threat tactics as the starting point. This results in the exercise participants engage in and respond to a realistic incident as it could occur within their company. In addition, lessons learned can feed into planning so that the processes improve over time.

The TTX is facilitated in a way that works toward identifying strengths that the company demonstrates during the event, as well as exposing areas that may be a potential gap and should be considered for enhancement. These strengths and gaps frequently span the concepts of staffing, technologies, policies, and corporate procedures. Following the conclusion of the TTX, the client is delivered a report that details the findings that were revealed during the training event.