Professional Documents
Culture Documents
(CCTE) Checklist
About Cyber Management Alliance
Established in 2015, Cyber Management Alliance Ltd is one of the world’s leading cyber incident & crisis management service
providers offering advisory, executive training and bespoke workshops in all aspects of cyber crisis management, incident
planning, incident response testing and tabletop exercises.
Cyber Management Alliance (CM-Alliance) is also the creator of the internationally-acclaimed NCSC-Certified, Cyber Incident
Planning and Response (CIPR) course.
Previous attendees of the NCSC-Certified CIPR course and tabletop exercises include organisations including the United
Nations, UK Ministry of Defence, several UK Police Forces, NHS Trusts, European Central Bank, Swiss National Bank, Microsoft,
Ernst and Young, BNP Paribas and many others.
n Incident Planning & Response: This training is certified by the UK Government’s NCSC and is titled Cyber Incident Planning
& Response. This certified course is highly interactive and covers the various tactical and strategic elements of planning
for a cyber-attack. The Building & Optimising Incident Response Playbooks workshop focuses on creating and optimising
incident response playbooks.
n Crisis Management Tabletop exercises: Our Cyber Crisis Tabletop Exercises (CCTE) are verbally simulated, business-
impacting, cyber-crisis scenario sessions where attendees discuss and review their actions and decisions.
n Trusted Advisory: Also referred to as vCISO (Virtual Chief Information Security Officer) our service is cost-effective and
commercially viable to organisations of all sizes and covers cybersecurity, privacy, audits and assessments.
Regulatory &
UK Government, Audit Track
GCHQ-Certified Building & Optimising
Cyber Crisis Tabletop
Cyber Incident Incident Response
Exercise (CCTE)
Planning & Response Playbooks Playbooks
(CIPR) Track
Bespoke Planning & Playbook Workshops Executive Briefing and Awareness Sessions
2
Cyber Crisis Tabletop Exercise
(CCTE) Checklist
What to do Check
The only way you can determine if your incident response plans will work during a real crisis is to test them
in a structured and safe way.
To find out about how we support organisations with running cyber incident response workshops,
please visit cm-alliance.com email us at info@cm-alliance.com or phone us on +44 (0) 203 189 1422.
Type of Exercise
n Determine type of exercise: c
n Tabletop: Paper-driven, verbally and visually simulated, with injects c
(Highly cost-effective, safe, and easy to execute)
n Hybrid: A mix of paper-driven with mix of real injects c
(eg: real phishing email is delivered into inbox)
n Full Live: Full on with all real injects (example: real email, custom malware etc.) c
(cost prohibitive and difficult to execute)
What to do Check
Participants
n Identify participants for the tabletop exercise: c
n From all key departments c
n Communicate regularly c
What to do Check
Pre-Exercise Collateral
n Create pre-exercise presentation for participants and include: c
n Ground rules c
n High level scenario c
n Expectations during the scenario c
n Commitment to attend c
Continued...
3
CCTE Checklist (cont)
What to do Check
Scenario
n Design realistic cyber-attack scenario: c
n Must be organisation specific c
n Have a significant impact on the business c
n Include critical assets c
n Realistic threat actors c
What to do Check
Observers
n Identify the observer(s) c
What to do Check
Formal Report
n Demand formal report with assessment c
4
info@cm-alliance.com https://cm-alliance.com +44 203 189 1422 @cm_alliance