Client: Major Rail Provider
Location: Asia
Situation: The organisation had investments in several countries such as Hong Kong, China, Europe, Australia etc. They wanted to conduct a joint cyber incident response exercise involving all their offices.
Ask: The client asked ARInnovate to prepare and conduct an incident response tabletop exercise.
Our Solution: We conducted the incident response through the following steps:
- Developed training materials for Cyber Security Incident Responders
- Trained incident responders at CWPR
- Undertook a Threat Assessment to determine an appropriate exercise incident scenario
- Identified threat actors and their motivations who are likely to target CWPR
- Identified their TTPs
- Identified threat scenarios
- Finalised incident scenario
- Conducted cyber incident response simulation exercise:
- Drafted and agreed incident scenario options
- Developed training materials, Runsheet and exercise ‘ingests’
- Facilitated the Incident Response Simulation Exercise, capture actions and issues
- Conducted a debrief with Exercise participants and collect feedback
- Developed and exercise Outcomes and Actions Report