MITRE released a new edition of its book on “the way security operations is done”, 11 Strategies of a World-Class Cybersecurity Operations Center. The book covers the fundamentals and field-proven strategies that help organizations enhance their ability to find, analyze, and respond to cyber threats, proactively and reactively, through their Security Operations Center (SOC). One such strategy is Table Top Exercises (TTX).
What is a SOC?
It’s an organization’s cyber defense. Its core mission is identifying and responding to potential cyber threats: taking preventive measures like scanning for vulnerabilities, detecting intrusions and hunting for adversaries within the security perimeter, and responding to potential incidents by coordinating resources across the organization. Incident Response (IR) requires a combination of people, processes and technology from beyond the SOC and across the organization, so that the financial, reputational and legal exposure from security breaches is minimized. The CISO / CIO will have their SOC play a vital role in promoting situational awareness within an organization, turning up the volume on cyber readiness and cyber resilience.
Turn up the volume with Table Top Exercises
Getting ahead of the adversary requires not only the SOC but the entire organization to be familiar with the incident response plans and to develop an awareness of the decisions that need to be made during a potential security breach.
Strategy 11 in the MITRE book recommends continuously improving SOC operations through the use of Table Top Exercises. A TTX is a discussion-based awareness activity that walks through cyber incident scenarios: the relevant organizational roles and responsibilities meet to practice preparedness, including testing plans, policies, and procedures. The objective of a TTX is simple: people who are not familiar with incident response become familiar with it and develop an understanding of the role of the SOC, their own role and the role of other functions.
As with all exercises, setting up a relevant and successful TTX entails planning and preparation whereby consideration is given to:
- Ensuring ownership and event management for success
- Finding the right person to facilitate and run it
- Injecting new elements relevant to the scenario and the participants
- Tailoring to the participants and keeping everyone within the scenario’s bounds
- Capturing findings and developing an actionable report for improved cyber readiness
- Being flexible so the organization gets maximum learnings from the event
NIST SP 800-84 and NIST 800-61r2 provide standards and guidance for your TTX. Alternatively, consider bringing in an expert.
OpenText, trusted advisor
Experts in cyber readiness and cyber resilience, OpenText provides unbiased and independent guidance to unearth gaps and challenges. Our risk and compliance experts conduct TTXs at a relatively low cost, and outside the fog of actual incidents.
Recently, we helped a prominent State University improve its plans, policies, and procedures, thereby improving its compliance scoring with governmental auditors. Working with the CISO and SOC management, our facilitators designed various scenarios to exercise key areas of concern and ensure better organizational preparedness.
To learn more about how OpenText Security Consulting Services guides customers with Table Top Exercises and assists with world-class cybersecurity operations centers, visit Security Services | OpenText.