#172 - Table Top Exercises
G Mark Hardy & Ross Young
Episode Description
This episode of CISO Tradecraft, hosted by G Mark Hardy, examines the concept, significance, and implementation of tabletop exercises as a way to improve organizational security posture. Tabletop exercises are described as invaluable, informal training sessions that simulate hypothetical situations and allow teams to discuss and plan their responses, thereby refining incident response plans and protocols. The episode covers the advantages of conducting these exercises, highlighting their cost-effectiveness and the crucial role they play in crisis preparation and response. It also discusses the various aspects of preparing for and executing a successful tabletop exercise, including setting objectives, selecting participants, creating scenarios, and following up afterwards. Additionally, the episode touches on compliance aspects related to SOC 2 and the use of tabletop exercises to expose and address potential organizational weaknesses. The overall message underscores the importance of these exercises in preparing cybersecurity teams for real-world incidents.
Outline & References:
https://docs.google.com/document/d/13Qj4MOjPxWz9mhQCDQNBtoQwrXdTeIEf
Transcripts: https://docs.google.com/document/d/1yfmZALQfkhQCMfp9ao3151P9L2XcEXFm/
Chapters
- 00:00 Introduction
- 00:47 The Importance of Tabletop Exercises
- 01:53 The Benefits of Tabletop Exercises
- 03:06 How to Implement Tabletop Exercises
- 05:30 The Role of Tabletop Exercises in Compliance
- 08:24 The Participants in Tabletop Exercises
- 09:25 The Preparation for Tabletop Exercises
- 16:57 The Execution of Tabletop Exercises
- 21:58 Understanding Roles and Responsibilities in an Exercise
- 22:17 The Importance of a Hot Wash Up
- 23:36 Creating an After Action Report (AAR)
- 24:06 Implementing an Action Plan
- 24:34 Example Scenario: Network Administrator's Mistake
- 25:08 Formulating Targeted Questions for the Scenario
- 26:36 The Role of Innovation in Tabletop Exercises
- 27:11 The Connection Between Tabletop Exercises and Compliance
- 29:18 12 Key Steps to a Successful Exercise
- 30:43 The Importance of Realistic Scenarios
- 34:05 The Role of Communication in Crisis Management
- 37:33 The Impact of Cyber Attacks on Operations
- 39:57