Tabletop Exercise - July 2016
The browser deployed on all workstations in your organization has a significant zero-day vulnerability that is actively being exploited. You have already identified 10 workstations that are compromised as a result of this exploit, and the help desk call volume due to this problem continues to increase abnormally.
There is currently no vendor patch or vendor workaround. A patch is anticipated to be issued in one week.
Items to discuss:
- What steps will you take to address the problem?
- Who do you need to notify?
- How will you determine if any sensitive data has been lost?
- What impact will the exploit have on your agency and its operations?
- Who is in charge?
- What actions will you take post-event?
Items to report:
- Did communications flow as expected? If not, why?
- Were processes and procedures followed?
- Were there any surprises?
- How well did the exercise work for your organization?