Cybersecurity Tabletop Exercises: From Planning to Execution

The complete start-to-finish guide for planning and delivering successful cybersecurity tabletop exercises.

One of the most effective ways an organization can prepare for cybersecurity incidents and test out their response processes is “tabletop exercises,” commonly used to discuss various actions in a hypothetical emergency. Veteran security consultants Robert Lelewski and John Hollenberger have run hundreds of such exercises, and they’ve now boiled down their vast experience planning these mission-critical events into the Tabletop Exercises handbook. Designed to take you from start to finish, the book’s chapters are arranged linearly — from management’s initial request to after-action review activities — empowering you to understand each and every necessary step for ensuring your tabletop is a true success.

You’ll see how to design a scenario that properly evaluates your team’s existing controls, pinpoints your weaknesses, and encourages collaboration. You’ll also examine the logistics of planning the event itself, develop effective facilitation skills, and explore ways of making process changes based on the tabletop’s outcomes. Along the way, you’ll

Who to invite to your tabletop event, and why
Preparatory steps, like getting an executive sponsor and forming a development team
How to properly create a realistic tabletop exercise scenario
Facilitation strategies, such as audience interaction and managing the discussion

This essential soup-to-nuts resource also includes example scenarios geared at varying audiences at different levels — including infosec analysts, tech team members, non-technical employees, and executives — that you can easily adapt for your own organization depending on the goals of your tabletop.

178 pages, Kindle Edition

Published October 29, 2024


Community Reviews

5 stars: 5 (41%)
4 stars: 5 (41%)
3 stars: 1 (8%)
2 stars: 1 (8%)
1 star: 0 (0%)

Scott Pearson
848 reviews, 41 followers
November 23, 2024
Cybersecurity is a trending business topic due to the incredible growth of the IT industry and the Internet. It affects almost every professional domain, whether in the business, healthcare, or financial sectors. Perhaps the biggest risk facing companies today is having their IT systems compromised in some way involving secure data – a very broad vulnerability. To limit or prevent harm, a company’s leaders can engage in “tabletop exercises” to run through common scenarios. These exercises engage leaders from the C suite, management, and technical leaders and try to overcome initial obstacles to promote better responses when crises inevitably occur.

This book is divided into two parts: the pragmatics of running a tabletop-exercise session and example scenarios to run through based on different audiences. Setting up a session (Part I) discusses things like who to involve, how to organize content, how to handle related politics, how to document, and how to arrange the room. These people-oriented topics engage leaders who want to ensure that the session executes properly.

As a software person, I found the example scenarios in Part II most interesting. They are divided for three audiences: technical, executive, and managers. The authors derive the scenarios from real-world events and suggest that readers adapt them for their specific industries and companies. They center around common cybersecurity threats like phishing, malware, and ransomware. Each provides a first draft of an outline to adapt and question prompts for discussion.

This book is specifically aimed towards cybersecurity professionals and leaders at their given institutions. As someone involved in software creation, I do not fit that audience. But like many others, cybersecurity deeply affects my work, and I grew from considering this topic in more depth, particularly by the example exercises in Part II. I doubt I will ever run a tabletop exercise, but perhaps I will be involved in one! Either way, I’m glad I thought through how this trending topic affects all of us.
17 reviews
September 13, 2024
This is the best book I have ever read about tabletop exercises. The book gave a tonne of details about how to create one from scratch including the technical and non-technical scenarios. How to use injects effectively and how to weave a great conversation with timely questions. I spent so much time thinking about how to implement each scenario I think I had to reread a couple chapters multiple times. This is a must read for all blue-team, and security managers.