Turn up the volume with Table Top Exercises

Marc St-Pierre

June 7, 2022 · 3 minute read

MITRE released a new edition of its book on “the way security operations is done”, 11 Strategies of a World-Class Cybersecurity Operations Center. The book covers the fundamentals and field-proven strategies that help organizations enhance their ability to find, analyze, and respond to cyber threats, proactively and reactively, through their Security Operations Center (SOC). One such strategy is Table Top Exercises (TTX).

What is a SOC?

It’s an organization’s cyber defense. Its core mission is identifying and responding to potential cyber threats: scanning for vulnerabilities as a preventive measure, detecting intrusions and hunting for adversaries within the security perimeter, and responding to potential incidents by coordinating resources across the organization. Incident Response (IR) requires a combination of people, processes and technology from beyond the SOC and across the organization, so that the financial, reputational and legal exposure from security breaches is minimized. The CISO / CIO will have their SOC play a vital role in promoting situational awareness within an organization, turning up the volume on cyber readiness and cyber resilience.

Turn up the volume with Table Top Exercises

Getting ahead of the adversary requires not only the SOC but the entire organization to be familiar with the incident response plans and to develop an awareness of the decisions that need to be made during a potential security breach.

Strategy 11 in the MITRE book recommends continuously improving SOC operations through the use of Table Top Exercises. A TTX is a discussion-based awareness activity that goes over cyber incident scenarios, where the relevant organizational roles and responsibilities meet to practice preparedness, including testing plans, policies, and procedures. The objective of a TTX is simple: people who are not familiar with incident response become familiar with it, and develop an understanding of the role of the SOC, their own role and the role of other functions.

As with all exercises, setting up a relevant and successful TTX entails planning and preparation whereby consideration is given to:

  • Ensuring ownership and event management for success
  • Finding the right person to facilitate and run it
  • Injecting new elements relevant to the scenario and the participants
  • Tailoring to the participants and keeping everyone within the scenario’s bounds
  • Capturing findings and developing an actionable report for improved cyber readiness
  • Being flexible so the organization gets maximum learnings from the event

NIST SP 800-84 and NIST 800-61r2 provide standards and guidance for your TTX. Alternatively, consider bringing in an expert.

OpenText, trusted advisor

Experts in cyber readiness and cyber resilience, OpenText provides unbiased and independent guidance to unearth gaps and challenges. Our risk and compliance experts conduct TTX at a relatively low cost and away from the fog of actual incidents.

Recently, we helped a prominent State University improve its plans, policies, and procedures, thereby improving its compliance scoring with governmental auditors. Working with the CISO and SOC management, our facilitators designed various scenarios to exercise key areas of concern and ensure better organizational preparedness.

To learn more about how OpenText Security Consulting Services guides customers with Table Top Exercises and assists with world-class cybersecurity operations centers, visit Security Services | OpenText.


Marc St-Pierre

Marc leads the OpenText Global Consulting Practice for Cybersecurity, which delivers Risk & Compliance Advisory, Digital Forensics & Incident Response and various Managed Security Services. His mission is to promote Cyber Resilience and provide business partners with advice, guidance and assistance to achieve Digital Resilience & Trust. In his 15 years with OpenText, he has developed teams and built solutions in areas of Artificial Intelligence, LegalTech, Linguistics & Translation and now Cybersecurity. He has lectured on semantic technologies and led growth of OpenText with innovations such as Ai-Augmented Voice of the Customer, Magellan Search+ and Managed Extended Detection & Response.
