CISA / ICBA Cyber Tabletop Exercise


Sep 18, 2024 | Noon Eastern • 11:00 am Central | Webinar

This event for the 2024/2025 season will support and enhance the capabilities of community banks and the financial services sector in identifying, mitigating, responding to, and recovering from cyber incidents. This scenario is a cascading event with a cloud service provider cyber event and a regional disaster.

Exercise participants will be given the opportunity to explore the impacts of cyberattacks that compromise business operations and customer data and discuss their response plans, actions, and capabilities. While responding to the cyberattack, a regional disaster impacts the community. Community bank technical staff, as well as senior leadership, should participate as a team.

Registration

This four-hour cyber tabletop exercise will be conducted virtually in collaboration with CISA. It is held in two independent but connected sessions. ICBA encourages participation in both sessions; to allow for flexibility, attendance at only the first or second session is allowed. Each member of your team should register individually, even if on the day of the event you will be in a shared location. Do not share login information.

Registration questions? Call 800-422-7285 or email [email protected].

Who Should Attend?

Responding to a significant cybersecurity incident often takes an all-hands-on-deck approach. Participation in the workshop should include, but not be limited to, those responsible for the functions below:

  • IT management (e.g., Chief Information Officer, Director of Information Technology)
  • IT security policy, planning and governance (e.g., Chief Information Security Officer)
  • IT infrastructure and operations (e.g., network/system administrator, change manager)
  • Incident response (e.g., cyber incident responders, cybersecurity analysts)
  • Business operations (e.g., Chief Operations Officer)
  • Business continuity and disaster recovery planning (e.g., BC/DR manager)
  • Risk management (e.g., enterprise/operations risk manager)
  • Public relations (e.g., public affairs, media affairs)
  • Procurement and vendor management (e.g., contracts and legal support managers)

Get the Most Out of Your Tabletop

What is a tabletop exercise? In banking tabletop exercises, co-workers come together to discuss how they would respond to proposed situations. Just like tabletop board games, there are no right or wrong answers. This is a collaborative event.

How many people do I need to participate in a tabletop? ICBA recommends bringing at least three people to the CISA tabletops. ICBA members can still join and participate if fewer than that can participate.

What should I bring? You should bring your Incident Response Plan (IRP) or Business Continuity Plan.

Who should register? Every person who will be joining should register. Even if the team will be in a shared location and using just one dial-in, each person should register.

What are the roles at the ICBA/CISA Tabletop?

  • Players – These people will take an active role in discussing and performing their actions as they would in a real situation. ICBA Members are expected to be players in the CISA tabletops.

  • Observers – CISA & ICBA will provide these positions. These people will support the players by answering questions and providing guidance.

  • Facilitators – A facilitator from CISA will guide the exercise and moderate the discussions.

  • Note-takers – Provided by CISA, they will take notes and observe for the whole group. They will document your player discussion and, after the exercises, connect it back to plans, policies & procedures.

How long is a tabletop? Tabletop experiences can run from 2 hours to all day. Most are 4 hours.

Additional Resources for Tabletops

CISA Tabletop Exercise Packages | CISA

Incident Response Training | CISA

Cybersecurity Tabletop Exercise Tips (cisa.gov)

Please contact Kari Mitchum with any questions or requests for additional information.