Back to Service Library
Service Catalog / Strategic Advisory & Professional Services / IR Readiness / Incident Response Tabletop Testing
161TST Base

Incident Response Tabletop Testing

On this page

    Service Overview

    The DeepSeas Incident Response Testing Service ("IR Test") employs realistic incident scenarios to i) evaluate the Client's technical ability to effectively detect and respond to a cyber breach; and ii) test the Client's incident response processes and the efficacy of key IR roles. 

    Objectives

    The objectives of this service are to:

    1. Test the Client's incident response plan; 
    2. Practice minimizing the impacts and damage from a security breach; 
    3. Practice expediting recovery from an incident; and
    4. Rehearse compliance with regulatory requirements relating to data breach notifications and reporting.

    Methodology

    The IR Test is based on the following standards and regulations:

    • NIST SP 800-61 Computer Security Incident Handling Guide
    • US-CERT Federal Incident Notification Guidelines
    • Other federal and state statutes, as applicable

    The IR Test methodology typically consists of the following phases: 

    1. Initialization Meeting: DeepSeas will host an initialization meeting to review the objectives, methodology, scope, and deliverables outlined in the Statement of Work. 
    2. Scenario Planning – DeepSeas will prepare to conduct an effective tabletop exercise, with scenario development based on the Client's needs and environment. 
    3. Incident Response Tabletop - DeepSeas will conduct interactive incident response exercises, employing moderators and coaches and leveraging any relevant documents, materials and artifacts.
    4. Post-Exercise Review - DeepSeas will host a meeting with key Client stakeholders to review results of the tabletop exercise and align on recommendations for improvements to incident response plan and procedures.

    Deliverables

    DeepSeas will deliver a Findings Report detailing any gaps identified in the Client's incident response plan during the course of the tabletop exercises and providing recommendations for remediating such gaps. 

    Client Responsibilities

    The Client shall be responsible for the following items, in accordance with agreed-upon timelines established in the project plan: 

    • Scheduling and coordination of internal client resources for all project work  
    • Including the DeepSeas delivery team on scheduled invites leveraging the Client’s video conferencing platform 
    • Assigning a resource to assist DeepSeas with content development; the assigned resource must have knowledge of client infrastructure and technical configuration, as well as existing incident response controls and capabilities. 
    • Providing Client's Incident Response Plan to DeepSeas (if not previously developed by DeepSeas) no later than thirty (30) days before the first scheduled tabletop; if one does not exist, Client shall be responsible for drafting one prior to the tabletop.
    • Making available representatives and/or delegates identified in incident response plan. 
    • Active participation by Client representatives/delegates.