Tabletop exercises are a great way to practice your security processes. If you are like most businesses, you can’t really afford to have your network go down or worse; lose your data. Many businesses have security processes in place that allow them to recover from an event. These events may be natural disaster based or cyber attacks. Depending on the type of business you have, there are different levels of recovery that are required. A tabletop exercise is a great way to practice your security policies without actually compromising your network or data. There are a couple of reasons to perform this practice. The biggest reason is that it lets you walk through the recovery plan that you have put in place. This is critical because it allows you to validate if your plan will work when you need it. If you do not ever practice your recovery plan, you will not find gaps in it until it is too late. By practicing a tabletop exercise, it gives you the ability to poke holes in your process and validate if your original plan works or not.
Tabletop exercises are not just for businesses. Anyone can create a plan for their home network and personal data. In fact, there really is no reason why you should not have a recovery plan for home. Once you have a recovery plan in place, you can then practice the tabletop exercise. I will not go into much details about what should be in your recovery plan as that is a topic for its own independent article, but some things to consider are documenting your data backup plans. How you detect intrusions to your network. Your important programs, services, and data should be well documented and if possible, you should have a remote location for a backup of all your data and configurations. Once you have all that information documented, you also want to document your process for recovering from an attack or loss. If you need to replace physical hardware, you should have either extras available, or at least documentation for how to replace those physical assets. Things that come to mind are hard drives, routers, switches, any other physical items that are part of your network or store your data.
With your recovery process in hand, it is time to actually walk through the plan in a typical tabletop exercise. Start by getting everyone together that needs to be a part of your recovery. Everyone that has a role to play should be present and they should have a copy of the recovery plan. Partaking in the tabletop exercise is straight forward. You go line by line and people act out their part. They pretend to do the action being requested with hopes of either finding gaps in the process or confirming that their plan will work. This is a great way to see how well you are set up to recover from an intrusion without actually breaking your system. You should go through your recovery plan any time you add to your network or at least every six months. Participating in a tabletop exercise should become second nature. When an actual attack does occur, the only thing in your head is worrying about the money being lost due to your services being down. This can cloud your judgment and your technical abilities to recover. By having practiced your actions, it can reduce some of the stress encountered when trying to actually recover a system.