CMA CCTE Checklist 1903 PDF

You might also like

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

Cyber Crisis Tabletop Exercise

(CCTE) Checklist
About Cyber Management Alliance
Established in 2015, Cyber Management Alliance Ltd is one of the world’s leading cyber incident & crisis management service
providers offering advisory, executive training and bespoke workshops in all aspects of cyber crisis management, incident
planning, incident response testing and tabletop exercises.

Cyber Management Alliance (CM-Alliance) is also the creator of the internationally-acclaimed NCSC-Certified, Cyber Incident
Planning and Response (CIPR) course.

Previous attendees of the NCSC-Certified CIPR course and tabletop exercises include organisations including the United
Nations, UK Ministry of Defence, several UK Police Forces, NHS Trusts, European Central Bank, Swiss National Bank, Microsoft,
Ernst and Young, BNP Paribas and many others.

Services & Training Summary

At CM-Alliance, we believe that practice makes perfect when it comes to cyber crisis management. As part of our Cyber
Incident & Crisis Management training and workshops we offer:

n Incident Planning & Response: This training is certified by the UK Government’s NCSC and is titled Cyber Incident Planning
& Response. This certified course is highly interactive and covers the various tactical and strategic elements of planning
for a cyber-attack. The Building & Optimising Incident Response Playbooks workshop focuses on creating and optimising
incident response playbooks.

n Crisis Management Tabletop exercises: Our Cyber Crisis Tabletop Exercises (CCTE) are verbally simulated, business-
impacting, cyber-crisis scenario sessions where attendees discuss and review their actions and decisions.

n Trusted Advisory: Also referred to as vCISO (Virtual Chief Information Security Officer) our service is cost-effective and
commercially viable to organisations of all sizes and covers cybersecurity, privacy, audits and assessments.


Cyber Incident & Crisis Management (CICM)
GAP Assessments & Audit

Incident & Response Planning Crisis Management

Crisis Retainer Services

Regulatory &
UK Government, Audit Track
GCHQ-Certified Building & Optimising
Cyber Crisis Tabletop
Cyber Incident Incident Response
Exercise (CCTE)
Planning & Response Playbooks Playbooks
(CIPR) Track

Bespoke Planning & Playbook Workshops Executive Briefing and Awareness Sessions

Specialist Community Gatherings: Wisdom of Crowds

© 2020 Cyber Management Alliance Ltd

Cyber Crisis Tabletop Exercise
(CCTE) Checklist
What to do Check
The only way you can determine if your incident response plans will work during a real crisis is to test them
in a structured and safe way.
To find out about how we support organisations with running cyber incident response workshops,
please visit email us at or phone us on +44 (0) 203 189 1422.

Type of Exercise
n Determine type of exercise: c
n Tabletop: Paper-driven, verbally and visually simulated, with injects c
(Highly cost-effective, safe, and easy to execute)
n Hybrid: A mix of paper-driven with mix of real injects c
(eg: real phishing email is delivered into inbox)
n Full Live: Full on with all real injects (example: real email, custom malware etc.) c
(cost prohibitive and difficult to execute)

What to do Check
n Identify participants for the tabletop exercise: c
n From all key departments c

n Communicate regularly c

n Clearly structured communications c

n Clear notes in calendar invitation c

What to do Check
Pre-Exercise Collateral
n Create pre-exercise presentation for participants and include: c
n Ground rules c
n High level scenario c
n Expectations during the scenario c
n Commitment to attend c

n If possible present to them rather than distribute the document c


CCTE Checklist (cont)

What to do Check
n Design realistic cyber-attack scenario: c
n Must be organisation specific c
n Have a significant impact on the business c
n Include critical assets c
n Realistic threat actors c

What to do Check
n Identify the observer(s) c

n Ensure they are skilled c

n Describe their role c

n Seek formal commitment c

n Sign confidentiality agreement (if necessary) c

What to do Check
Formal Report
n Demand formal report with assessment c

n Report must identify gaps and recommendations c

n Formal maturity scoring to monitor improvements c

4 +44 203 189 1422 @cm_alliance

You might also like