Tabletop Attack Scenario Exercise (TASE)
Breach experience for the extended team, without experiencing the breach

How it works:
- Create an actual attack scaled back to a reasonable sample size
- Moderated and observed by Groman Cyber
- The scenario is specially crafted for you in order to test your processes and identify gaps
- Participants include members of IT, Security, HR, Legal, Marketing and Communications, Crisis Management, and Executive Leadership
- TASE is the ONLY exercise and forum that helps prepare the entire team
Benefits of a tabletop exercise:
- Bring attention to the areas you need your leadership to help you address
- Identify gaps in your technical processes and make your incident response plan bulletproof
- Exercise your internal communication and escalation procedures and know that every team is up to speed on your current practices
- Build muscle memory that your team will rely on in a breach
- Determine touch points with vendors and partners and identify information they’ll need and deliverables they can provide
- Determine how you manage business operations during a major incident
- Run through scenarios that your team hasn’t seen – before they see them in an actual breach
Example Scenarios:
- Ransomware
- Advanced attacker
- Industrial control system attack
- Malware outbreak
- Disruptive/Destructive attack
- Data Exfiltration
- PHI Disclosure
- Cardholder data attack
- Attack via Third Party connection
- Insider threat
Case Study: Healthcare Org Hit by Advanced Attacker
The scenario starts with an Internet-facing host being compromised. At first the situation looks like a ransomware attack, but that turns out to be a smoke screen.
The attacker moves further into the network and finds a large source of PHI, leading to an exfiltration event. At this point, the Security Director realizes she needs to start the HIPAA notification process. A key inject in this scenario had her CEO asking about their notification requirements to all of their business partners.
This led to a discussion of how they could determine their notification timelines across partners and states. Who could help the Security Director put this together: Legal, Procurement, or would her team need to look at each contract separately and build the list manually?
This exercise led the company to purchase a tool and build processes for maintaining this information in case of an actual PHI breach.