Governance, Risk & Compliance

Our tabletop exercises (TTXs) are designed to explore and improve your organisation’s preparedness in managing and responding to various cyber incidents. These exercises help identify critical gaps in your incident response strategies and decision-making under pressure, improving organisational cyber resilience.

What Does AUSCERT’s Tabletop Exercise (TTX) Service Include?

1. Information Gathering

We take pride in delivering highly customised TTXs tailored to each organisation’s specific needs and environment. Before the simulation, we work closely with your team to gather detailed information, ensuring a truly bespoke experience. This process allows us to design a realistic main event (the scenario) and multiple injects – additional cascading events that challenge participants to respond with adaptability, teamwork, and problem-solving. Unlike generic simulations, we never recycle scenarios across organisations, ensuring each TTX is uniquely suited to your context.

2. Simulation Exercise

Our experienced facilitators lead participants through realistic, scenario-driven discussions, emphasising critical areas such as roles, responsibilities, coordination, and decision-making. We present events and situations, prompting participants to react and make decisions in real-time. Throughout the exercise, observers actively collect data and take notes, ensuring key insights are captured. Critical questions are raised and addressed collaboratively, fostering open dialogue and encouraging problem-solving. The focus is on creating a supportive environment where teams can openly explore, test, and refine their incident response strategies.

3. Post-TTX Workshop Report

Following the simulation, we provide a comprehensive report outlining our observations and highlighting key areas for improvement in incident response. This report can be used to assure stakeholders of the organisation’s cyber resilience. It includes targeted recommendations for addressing gaps identified during the exercise, ensuring that our TTXs provide valuable insights to organisations at any stage of their cybersecurity maturity.

4. Follow-Up Meeting

In this meeting, we will discuss the report, identify improvement opportunities, and provide recommendations to address gaps and enhance your organisation’s cyber resilience. It offers participants a chance to discuss the exercise, seek clarification on the report’s findings, and receive feedback from facilitators and observers.

Achieve, and mature your compliance against the NIST CSF framework. NIST CSF is a widely recognised cybersecurity framework developed by the National Institute of Standards and Technology (NIST). Its broad acceptance worldwide underscores its value and effectiveness in addressing cybersecurity challenges on a global scale.

As part of the maturity assessment service, the following is included within the package offered:

• Comprehensive Assessment: An assessment is undertaken to evaluate your cybersecurity posture and maturity against 20 security controls. The assessment looks at 20 of the most critical NIST CSF controls, split across 15 core security domains, covering people, processes, and technology.
• Maturity Gap Report: You will receive a detailed report that benchmarks your current cybersecurity posture and identifies any gaps. This report will also provide you with clear next steps to help elevate your maturity level.
• Risk Scenario Assessment Report: Based on supplied cyber risk scenarios, including the potential impacts they would cause should they occur.
• Executive Summary and Strategy Document: A valuable resource for your senior management, this document will be based on the gap and risk assessments. It will include:
  • An overview of the gap assessment, spotlighting your organisation’s overall maturity level and benchmark.
  • A concise strategy on a page.
  • A risk scenario heatmap derived from the risk assessment.
  • An example security improvement roadmap.
• Optional Follow-Up: To ensure your ongoing cybersecurity success, we offer an optional complimentary follow-up assessment after your initial consultation*. This follow-up aims to confirm any improvements that might have elevated your posture to your desired level of maturity. A new Maturity Gap Report will be provided as part of this package.