How Tabletop Exercises Work
In a typical Tabletop Exercise service, Shellhex acts as facilitator and scenario controller. Participants are presented with a realistic scenario and a series of developments that unfold over the course of the exercise.
Pick your scenario:
Your organisation receives reports that staff can no longer access key systems. Investigation reveals that several servers have been encrypted by ransomware. A note appears demanding payment in cryptocurrency.
Do you disconnect systems from the network?
Do you notify clients?
Do you involve law enforcement?
Do you have usable backups?
Who has authority to make these decisions?
An employee reports that sensitive company information has appeared online. Initial investigation suggests an attacker may have had access to internal systems for several months.
What systems should be investigated first?
How do you determine what information has been exposed?
Do regulatory reporting requirements apply?
What do you tell staff, clients, suppliers, or regulators?
An attacker compromises a trusted third-party supplier and uses that relationship to gain access to your organisation's systems.
How is the compromise identified?
Which systems should be isolated?
What contingency plans exist if the supplier becomes unavailable?
How do you assess the wider impact on your operations?
As participants make decisions, additional information and developments are introduced. This enables us to explore how existing plans, procedures, and organisational structures perform under realistic conditions.