mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-15 23:44:56 +03:00
# Ransomware Tabletop Exercise Template

## Exercise Overview

| Field | Value |
|-------|-------|
| Exercise Name | |
| Date | |
| Duration | 3-4 hours |
| Facilitator | |
| Scenario | [Threat Actor] ransomware attack |
| Industry | |

## Participants

| Name | Role | Department | Present (Y/N) |
|------|------|-----------|---------------|
| | CISO | Security | |
| | CIO | IT | |
| | General Counsel | Legal | |
| | VP Comms | PR | |
| | COO | Operations | |
| | CFO | Finance | |

## Phase 1: Detection SITREP

[Insert scenario text]

### Discussion Questions

1. Who declares the incident?
2. What is the immediate containment action?
3. Who is notified at this stage?

### Decisions Made

| Decision | Rationale | Owner |
|----------|-----------|-------|
| | | |

## Phase 2: Escalation SITREP

[Insert scenario text]

### Discussion Questions

1. What is the scope assessment process?
2. How do we maintain business operations?
3. Do we engage law enforcement?

### Decisions Made

| Decision | Rationale | Owner |
|----------|-----------|-------|
| | | |

## Phase 3: Critical Decisions SITREP

[Insert scenario text]

### Discussion Questions

1. Under what conditions do we pay?
2. What are the notification obligations?
3. How do we respond to a data leak?

### Decisions Made

| Decision | Rationale | Owner |
|----------|-----------|-------|
| | | |

## Phase 4: Recovery SITREP

[Insert scenario text]

### Discussion Questions

1. What is the recovery priority order?
2. What do we tell customers?
3. What is the media statement?

### Decisions Made

| Decision | Rationale | Owner |
|----------|-----------|-------|
| | | |

## Evaluation Scorecard

| Area | Score (1-5) | Notes |
|------|-------------|-------|
| Detection & Escalation | | |
| Containment | | |
| Internal Communication | | |
| External Communication | | |
| Recovery Planning | | |
| Legal & Compliance | | |
| Business Continuity | | |
| Payment Decision | | |
| **Overall** | | |

## Key Findings

### Strengths

1.
2.
3.

### Gaps

| Gap | Severity | Owner | Remediation | Deadline |
|-----|----------|-------|-------------|----------|
| | Critical/High/Medium | | | |

## Sign-Off

| Role | Name | Signature | Date |
|------|------|-----------|------|
| Exercise Sponsor | | | |
| Facilitator | | | |