Before beginning a tabletop exercise,
Mandiant experts first develop an understanding the client
organization’s threat profile, operational environment and specific
areas of concern. We conduct an on-site workshop with key individuals,
and introduce evolving scenario injects based on attacker behavior,
techniques and tactics observed during our incident response work.
During the exercise, we observe gameplay
to determine how simulated actions and decisions run concurrent to or
diverge from the organization’s documented plans and processes and the
incident response best practices identified by Mandiant experts.
We offer two Tabletop Exercise tracks:
technical incident response and executive crisis
management. Best practice calls for each track to be conducted
annually — separately or as part of a coordinated exercise. The
Technical Incident Response track is ideal for security team
management and staff looking to test their response process capabilities.
The Executive Crisis Management track is
ideal for C-suite executives who want to test the effectiveness of
their crisis response strategies.
After the workshop, we brief the
organization in person and submit a written After-Action Report that
includes a step-by-step summary of scenario inputs and responses.