The client asked us to conduct this activity because of our strong relationship and mutual understanding, which ensured getting started was straightforward. We decided at the outset to also include one of our technical partners, who specialises in incident response. Our combined expertise positioned us to deliver exactly what the client was looking for out of this exercise.

​

To test the playbooks, we created scenarios that incorporated the latest Tactics, Techniques, and Procedures (TTPs) of potential threat actors. Understanding these TTPs enables organisations to discover, assess, and respond proactively to security threats. Dummy data was produced to make the simulation as realistic as possible.

​

The exercises took place on site with the required staff members. They worked through the simulations and tested the playbooks. Lasting two to three hours, the group talked through their actions in detail and even created dummy incidents in their system to capture all the activity.

The Approach

The Problem

The Outcome

Working with our technical partner, we produced several cyber threat simulations and ran through them to test the effectiveness of the client’s security playbooks. Going through the simulations was a practical method for reviewing specific steps and gave the staff involved some valuable experience of using them under full incident conditions.

​

Testing the playbooks also allowed us to upskill the team with some additional security education while working through the popular tactics that threat actors use today. Another benefit was providing the staff with an opportunity for team building – working together under pressure and demonstrating they could perform well. 

​

The overall success of these playbook simulations has led to more of them being carried out over time. We continue to perform this activity for the client and are expanding our coverage to other incident response areas.