Testing incident response through "war gaming"

It's important to remember that these are tests of your plans, not of your staff! We encourage discussion and invite people to speak up. If there's a change that would benefit the organisation, these scenarios are a great time to investigate the changes.

Having a plan is great, but unless you've tested that plan you are not likely to be confident with it. We can run workshops with your teams to allow you to test your plans safely. We provide the facilitator that sets the scene and promotes conversation, you provide the relevant stakeholders who make the decisions. After the session we'll provide a debrief to allow you to learn from the experience.

Remote teams? No problem! With more and more organisations working remotely or in a hybrid fashion, we can facilitate the session using your normal conferencing system, or host it for you using Microsoft Teams.

All materials for the exercise are clearly labelled "incident response test" to avoid someone outside the exercise thinking the situation is real, and triggering your processes!

Table-top exercises

These are discussion based. After assembling the relevant people, we present a scenario and invite the team to discuss what they'd do next. During the discussions, additional information is presented to the team that can change the scope of the incident.

Simulation exercises

A more immersive scenario, allowing you to test your detection and mitigation strategies. We'll deploy a safe tool in your environment that can be detected by firewalls and network devices. Next, we set the scene with information from threat intelligence sources that relate to the threat being simulated. We then work with your teams to find the mock "infected" device and remove the threat.

Need help with incident response?

We can help you design your incident response and business continuity processes. Read more here.