Our Thinking About Cyber Resilience – BE READY!
We believe you should always be ready to respond to a cyber incident. No matter how high you build the walls protecting your domain, it is only a matter of time before an adversary gets in.
We take a risk-based approach to improving your resilience. Using an efficient modular process, we evaluate your vulnerabilities, look at your plans, exercise them and then design strategies with you to address any identified gaps.
We use a unique Sand Table™ Cyber Resilience Game to test your plan, enhance your incident management skills, and to practice your response multiple times and in multiple ways. This video explains how the Sand Table™ Cyber Resilience Game works. A key feature of the game is the ability to practice multiple scenarios and conduct many iterations within the same setting to help you experiment with different procedures.
We will work hard to identify your gaps and vulnerabilities to help you fill-in where your adversary may attack.
Collaboration and Gaming Is the Key to Being Ready
Sand Table™ Resilience Games bring all stakeholders to the table to play. It gives participants the opportunity to see each other in action and to build trust. The game context creates realistic stress and a competitive urge by players to win against multiple adversaries and to mitigate compromise to the extent possible.
The Game improves collaboration because it drives many resource considerations and tasks. It rewards working together in a unified way to mitigate consequences.
Cyber Incident management requires a multidisciplinary approach that includes all parts of the Enterprise. Establishment of a formal incident management framework is a requirement within key federal, state and industry standards for information security such as the International Standards Organization (ISO) 27002/3, the Health Insurance Portability and Accountability Act (HIPAA), PCI DSS, and others.
We work together with you to establish a comprehensive and formal incident response framework based on defined and managed processes for incident notification, communications, documentation, lessons learned, training, testing and auditing.
In our approach, we normally:
- Facilitate a Kick-off Meeting and provide a project plan. We will work with your representative to organize a stakeholder group and execute a kick-off meeting and then deliver a project plan that communicates project milestones.
- We review your current incident response practices, processes and documentation and any other specified inputs you require.
- Conduct a Gap Analysis against Standards of Good Practice and compliance with regulations, which apply to your organization and are based on industry best practices specifically NIST and ISO/IEC 27001.
- Develop new programmatic components with the establishment and implementation of comprehensive, defined, managed, and measurable incident response processes.
- Develop new or amend or enhance existing security policies and practices for incident response.
- Develop a customized Incident Response Plan and methodology guide (based on the Agency’s requirements, State and Federal law, industry-leading policies, guidelines, and processes) to provide a step-by-step process for detecting and responding to incidents occurring within your organization. The Incident Response Plan will serve as a roadmap for an effective incident response. The Incident Response Plan will include a methodology guide that uses decision matrices to help the incident response team to establish the incident severity, to identify escalation areas, and to highlight management decision points.
- Develop documentation tools, operational procedures, and incident handling guides and system administrator runbooks that will provide consistent and repeatable guidance for the incident response team.
- Harmonize existing incident response structures, plans, and guidance documents with the refined Incident Response Plan objectives.
- Facilitate an exercise for your management team to rehearse and test the Cyber Incident Response Plan.
- Our objective is to help you develop the effective use and awareness of the Incident Response Plan and to identify gaps and report on results, observations and recommendations.
- We help you develop your cyber response capability using our unique SandTable™ Cyber Resilience Game for both the technical experts and business executives involved in incident response, with the objective of covering all aspects of incident response with respect to established scenarios.
- Finally, we believe specific criteria should be the basis of all evaluations. Following the exercise we provide a criterion referenced After Action Review that highlights capabilities, identifies gaps and recommends necessary activities, such as training, to close those gaps.
More About the Sand Table Cyber Resilience Game
Sand Table™ Resilience Games provide an improvement over traditional table top exercises. Our Gaming provides more dynamic outcomes by introducing unanticipated activities that responder-players must adapt to and overcome.
Network defenders guard their domain against multiple adversaries. They play their cards, roll the dice and work with other defender resources to defend against or neutralize the adversary. Playing cards are designed to provide realistic outcomes without the script contained in traditional exercises. Because there are no scripted plays, no two games are alike.
Designed to be easily repeatable, Sand Table Resilience Games are inexpensive and easy to set up. Our trained facilitators will take you through a tactical scenario that we guarantee will test your team.