DORA and PCI DSS
Article will help to introduce DORA requirements to those who have years of cybersecurity experience but are very new to DORA.
What is a Tabletop Exercise?
A tabletop exercise involves participants discussing and navigating through hypothetical scenarios that simulate real-world cybersecurity incidents. These exercises help organizations evaluate their incident response plans, identify gaps in their strategies, and improve coordination among different teams. By focusing on theoretical scenarios, organizations can refine their processes without the risks associated with live exercises.
Who Needs Tabletop Exercises?
Tenendo’s Cyber Tabletop Exercise Solution: Scenario-Based Simulations
At Tenendo, we offer Cyber Tabletop Exercises (TTX) designed to assess your organization’s readiness to handle potential cyber threats and incidents. Our approach leverages scenario-based simulations, crafted to match your specific infrastructure and assets. Here’s a breakdown of how our solution works:
1. Discovery Phase
The first step in our Cyber Tabletop Exercise is a thorough discovery phase. During this phase, we gather critical information about your organization’s infrastructure, security controls, and operational procedures. This is an essential step to ensure that the scenarios we create are relevant, realistic, and aligned with your organization’s actual risks.
2. Scenario Development
Based on the information collected during the discovery phase, we will develop potential compromise scenarios tailored to your assets. These scenarios will reflect the most likely attack vectors, vulnerabilities, and threat actors that could target your organization. We understand that scenarios are the primary focus of your team, and we take great care in designing them to challenge your current security posture while also identifying areas of strength.
3. Scenario-Based Simulation
The exercise itself will be conducted through a scenario-based simulation, where your team will actively participate in responding to simulated cyber incidents. We will guide the session, presenting various attack scenarios, and assess your team’s ability to identify, contain, and recover from the incidents. This will give your team hands-on experience in decision-making, crisis communication, and incident management.
4. Evaluation of Security Readiness
Throughout the exercise, we evaluate how prepared your team is to respond to each scenario based on your existing security measures. Our goal is to provide insights into how well your current setup supports your organization’s ability to manage and mitigate cyber risks. We’ll assess key areas such as response times, incident communication, and coordination across different teams.
5. Deliverables: Shortened Report with Actionable Insights
Following the exercise, we will provide a final shortened report that includes:
- A detailed description of the scenarios discussed during the exercise.
- Recommendations for best practices to improve security posture and response capabilities.
- An analysis of the strengths your current security setup provides and areas that may require further enhancement.
The report will focus on actionable insights, highlighting key areas for improvement based on the outcomes of the exercise. Our goal is to deliver a report that not only captures the lessons learned but also offers clear, practical steps for strengthening your security resilience.
6. Flexible Scheduling to Fit Your Team
We understand that coordinating with multiple team members can be challenging. To accommodate your team’s schedules, we offer flexible week-based scheduling for the exercise. You can select a week (e.g., “second week of December”), and we will align our availability to suit your team’s needs. This ensures that all stakeholders can participate, making the exercise as effective and collaborative as possible.
Why Choose Tenendo for Your Cyber Tabletop Exercise?
- Tailored Scenarios: Scenarios are customized based on your unique infrastructure and threat landscape, ensuring relevance to your organization’s risk environment.
- Expert Facilitation: Our team of experts will guide your organization through each step of the exercise, providing valuable insights into how prepared your team is to manage cyber incidents.
- Actionable Deliverables: We provide a practical report with clear recommendations and actionable steps to enhance your cybersecurity posture.
- Flexibility: Our flexible scheduling ensures that your entire team can participate without disruption to their work schedule.
Red Team ENGAGEMENT
The white paper document explores the methodology, testing process, planning, preparation, and expected deliverables.
Experience and accreditations
Cybersecurity:
- Offensive Security Certified Professional (OSCP)
- Offensive Security macOS Researcher (OSMR)
- Offensive Security Certified Expert3 (OSCE3):
- Offensive Security Experienced Penetration Tester (OSEP)
- Offensive Security Web Expert (OSWE)
- Offensive Security Exploit Developer (OSED)
- Certified Red Team Operator (CRTO)
- Certified Red Team Expert (CRTE)
- eMAPT. Mobile Application Penetration Tester
- API Security Certified Professional
- Burp Suite Certified Practitioner
- Certified Red Team Lead (CRTL)
- Certified Google Cloud Red Team Specialist
- Certified AWS Cloud Red Team Specialist
- Certified Hybrid Multi-Cloud Red Team Specialist
- Offensive Security Wireless Professional (OSWP)
Training Labs:
- Hack the Box Red Team Operator: Level 1/Level 2/Level 3
- Hack the Box Pro Lab BlackSky: Hailstorm
- Zero-Point Security: Red Team Lead RTO II (CRTL)
- Cyberwarfare Labs: Certified Red Team Specialist (CRTS)
- Cyberwarfare Labs: Certified Stealth Cyber Operator (CSCO)
- Cyberwarfare Labs: Certified AWS Cloud Red Team Specialist (CARTS)
- Cyberwarfare Labs: Certified Google Red Team Specialist (CGRTS)
- Cyberwarfare Labs: Certified Hybrid Multi-Cloud Red Team Specialist (CHMRTS)
Compliance and information security:
- Certified Information Systems Auditor (CISA)
- Cisco Certified Network Associate (CCNA)
- ISO 27001 Lead Implementor
- AWS Cloud Practitioner
- Certified Cloud Security Professional (CCSP)
Test consultancy:
- ISTQB Advanced Level Test Manager (CTAL-TM)
- ISTQB Advanced Level Technical Test Analyst (CTAL-TTA)
DORA — Compliance Solutions for financial institutions
Tenendo’s compliance solution ensures your organization meets DORA’s requirements for operational resilience, cybersecurity, and continuous testing.
TIBER-EU Framework
TIBER-EU is an EU framework for testing financial sector cybersecurity resilience. It employs red teaming based on threat intelligence to simulate real-world cyber-attacks, enhancing defenses and regulatory compliance.
