mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-16 07:53:18 +03:00
# Standards & References - Ransomware Tabletop Exercise

## Exercise Standards

### FEMA HSEEP (Homeland Security Exercise and Evaluation Program)

- Standardized methodology for exercise design, conduct, and evaluation
- Defines exercise types: seminars, workshops, tabletops, drills, functional, full-scale
- Provides templates for exercise plans, evaluation guides, and AARs
- https://www.fema.gov/emergency-managers/national-preparedness/exercises/hseep

### NIST SP 800-84: Guide to Test, Training, and Exercise Programs

- Framework for developing IT plan test and exercise programs
- Section 4.3: Tabletop exercises for incident response testing
- Covers exercise scoping, objectives, scenario development, and evaluation

### CISA Tabletop Exercise Packages (CTEPs)

- Free downloadable exercise scenarios for critical infrastructure sectors
- Ransomware-specific scenarios updated to reflect the current threat landscape
- https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages

## Ransomware-Specific Guidance

### CISA #StopRansomware Guide

- Ransomware response checklist that exercises should validate
- Decision tree for ransom payment considerations
- Recovery priority guidance

### NIST IR 8374: Ransomware Risk Management

- Identifies exercise testing as a key control in the Recover function
- Recommends annual tabletop exercises with escalating complexity

### FBI/CISA Joint Advisories

- AA24-131A: Black Basta Ransomware
- AA23-136A: BianLian Ransomware Group
- AA23-158A: CL0P Ransomware Gang Exploiting MOVEit
- Use these as source material for realistic exercise scenarios

## Regulatory Notification Requirements (for Scenario Design)

| Regulation | Notification Timeline | Authority |
|------------|-----------------------|-----------|
| GDPR (EU) | 72 hours | Supervisory Authority |
| HIPAA (US Healthcare) | 60 days (individuals), ASAP (HHS if >500) | HHS OCR |
| SEC (US Public Companies) | 4 business days (Form 8-K) | SEC |
| PCI DSS | 72 hours | Card brands/acquiring bank |
| NY DFS (23 NYCRR 500) | 72 hours | NY DFS |
| CCPA (California) | "Expedient time" | California AG |
| NIS2 (EU) | 24 hours (early warning), 72 hours (full) | National CSIRT |