ARInnovate is a specialised consulting firm providing organisations with bespoke software development and cyber security services.


Client: Major Rail Provider

Location: Asia

Situation: The organisation had investments in several countries such as Hong Kong, China, Europe, Australia etc. They wanted to conduct a joint cyber incident response exercise involving all their offices.

Ask: The client asked ARInnovate to prepare and conduct an incident response tabletop exercise.

Our Solution: We conducted the incident response through the following steps:

  • Developed training materials for Cyber Security Incident Responders
  • Trained incident responders at CWPR
  • Undertook a Threat Assessment to determine an appropriate exercise incident scenario
    1. Identified threat actors and their motivations who are likely to target CWPR
    2. Identified their TTPs
    3. Identified threat scenarios
    4. Finalised incident scenario
  • Conducted cyber incident response simulation exercise:
    1. Drafted and agreed incident scenario options
    2. Developed training materials, Runsheet and exercise ‘ingests’
    3. Facilitated the Incident Response Simulation Exercise, capture actions and issues
    4. Conducted a debrief with Exercise participants and collect feedback
    5. Developed and exercise Outcomes and Actions Report