When it comes to hosting tabletop exercises for an organization to evaluate its cybersecurity policies and procedures, it’s important to have useful and multi-faceted scenarios that can help point out flaws or improvement points in the company’s security stature.
In the CIS guide, it provides six tabletop exercises that companies could consider. The prompts are specific, but provide enough flexibility for companies to further adapt with additional information to make it more relevant for their business.
Some of the scenarios include: Injecting of malware that spread through the company’s network from an employee’s computer, a publicly-known compromise of a cloud vendor the company uses, a ransomware attack admist a natural disaster, and an unproperly tested patch that took down critical company servers.
