The best way to know whether or not you are prepared for an incident is to test your capabilities in controlled simulations. Sand table exercises (sometimes called tabletop exercises) derive their name from the old war games where generals would push around their forces on a model battlefield, or sand table. Your generals and officers (management) can benefit by walking through sand table exercises that test their abilities to respond to various incidents.
Some organizations think they can create their own sand table exercises, but at Rendition have observed two primary problems with this approach. First, the administration of the exercises themselves are often haphazard, resulting in considerable lost time. Recall that sand table exercises often bring together many members of the management team, so inefficient use of time has a higher than normal cost. The second problem we observe is that those running the exercise often do not create realistic scenarios. They focus on the perceived strengths of the organization but fail to address things the areas where the organization may not have previously considered. They also suffer from the echo chamber effect, where employees participate in groupthink. In contrast, Rendition’s staff brings combined decades of experience to IR and can ask the hard questions – questions hard won with battle scars to prove it.
Sand Table Exercise Durations
Most sand table exercises are designed to last from a few hours to a full day. However, larger scale exercises can be conducted on request for larger organizations.
In a typical engagement, Rendition will come on site with the organization and run one or two days of sand table exercises with different teams.
Sand Table Exercise Topics
Rendition has developed numerous sand table exercises that can be customized to your organization’s specific needs. Some topics for sand table exercises include:
- Insider Threat
- Malware Outbreak
- Third Party Breach Notification
- Website Defacement
- APT Compromise
- Customer Information Compromise
- Malware Found on Payment Card Terminals
Sand Table Verticals
Rendition’s team of professionals have conducted sand table exercises across many verticals, including (but not limited to):
- Financial Services
- Defense Industrial Base
- Department of Defense
- Credit Card Processors
- Academic Organizations
- Local, State, and Federal Governments
Contact Rendition to customize a sand table exercise for your needs.