Review: Cybersecurity Tabletop Exercises

Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies.

The authors explore a range of realistic scenarios, including phishing campaigns, ransomware attacks, and insider threats, demonstrating how these exercises can uncover vulnerabilities before an actual crisis occurs. The book also highlights key lessons learned from exercises that didn’t go as planned, providing a well-rounded perspective on common pitfalls and best practices.

About the authors

Authors Robert Lelewski and John Hollenberger are seasoned cybersecurity professionals with extensive experience in incident response, risk management, and digital forensics. Lelewski, VP of cybersecurity strategy at Zurich Insurance’s Global Ventures, and Hollenberger, a senior security consultant at Fortinet, bring decades of expertise and industry certifications to this practical guide on tabletop exercises.

Real-world examples

The book uses a practical, step-by-step approach, guiding readers through every phase of a successful tabletop exercise, from initial planning and execution to follow-up evaluations.

It provides realistic, adaptable scenarios that can be modified for different industries and threat landscapes. It also offers guidance on securing executive buy-in, ensuring that tabletop exercises are integrated into a company’s broader cybersecurity strategy rather than treated as a one-time compliance exercise.

Additionally, its alignment with key industry standards (including ISO, NIST, and PCI-DSS) ensures that organizations can use these exercises to meet regulatory and contractual obligations.

The authors also discuss outsourcing tabletop exercises, highlighting when and why organizations might benefit from external consultants. They explain the costs, advantages, and potential biases of outsourcing, noting that third-party facilitators bring specialized expertise and can provide an unbiased assessment. The book also explores a hybrid approach, where external experts lead initial exercises while training internal teams for future sessions, making it a practical guide for organizations with limited in-house experience.

Who is it for?

Cybersecurity Tabletop Exercises is a comprehensive guide tailored for information security pros responsible for developing and facilitating cybersecurity tabletop exercises, incident response teams seeking to refine their response strategies, and security consultants who assist organizations in conducting these critical drills.

The book is also valuable for anyone looking to understand the strategic importance of tabletop exercises in cybersecurity preparedness. With its structured approach and practical insights, this book is essential for anyone involved in strengthening an organization’s resilience against cyber threats.
