Tabletop - Exercise Based On DDos Attack

very important for ddos

Uploaded by

Srinivas D

Tabletop Exercise to create a scenario based on DDoS Attack


1. Exercise Overview
Objective

- The goal of this tabletop exercise is to test the organization’s response to a Distributed
Denial of Service (DDoS) attack, focusing on coordination among IT security,
communications, legal, and business continuity teams.

Exercise Date

- 14/09/2024

Participants

- Incident Commander: Leads the overall response, coordinates with all other teams,
and makes critical decisions.

- IT Security Lead: Responsible for detecting, mitigating, and preventing the DDoS
attack.

- Communications Team Lead: Manages internal and external communications,
ensuring the public and media are informed.

- Legal Advisor: Ensures compliance with relevant legal frameworks and assists with law
enforcement coordination.

- Business Continuity Lead: Ensures essential services remain operational during and
after the attack.

Scenario Summary

- This exercise simulates a downtime scenario where the online shopping system
experiences an outage. The teams must respond to customer inquiries, ensure
orders are not lost, and communicate updates.

2. Scenario Background
Scenario Introduction

- The organization’s online services experience a sudden surge in traffic, overwhelming
servers and causing critical applications to crash. Initial reports suggest a Distributed
Denial of Service (DDoS) attack targeting key services.

Trigger Event

- On a weekday morning, the company’s website becomes unresponsive. Users report
service outages, and the IT team confirms a DDoS attack has been launched from
multiple international sources.

3. Objectives and Scope

Primary Objectives

- Identify and mitigate the source of the attack.

- Ensure critical services are restored in a timely manner.

- Communicate effectively with all stakeholders.

- Ensure legal compliance and engage law enforcement.

In-scope

- IT infrastructure
- Communications and public relations
- Legal and compliance issues
- Non-IT-related business operations

4. Roles and Responsibilities

Incident Commander: Coordinates the response efforts. Decides when to escalate and
involves external parties such as law enforcement.

IT Security Lead: Investigates the attack and implements countermeasures (e.g.,
rerouting traffic, deploying anti-DDoS tools).

Communications Lead: Issues statements to the public, clients, and employees,
reassuring them of the steps being taken to resolve the issue.

Legal Advisor: Provides guidance on relevant laws under the Indian Constitution and
advises on how to handle legal responsibilities during a cyberattack.

Relevant Law Points:

- Information Technology Act, 2000: Sections 43 and 66, which address
unauthorized access and damage to systems.
- Indian Penal Code (IPC), Section 425: Covers mischief, which can include
the willful obstruction of services.

5. Detailed Steps for the Exercise

Step 1: Kickoff and Introduction

The Incident Commander initiates the exercise, briefing the participants about the
detected DDoS attack and its potential impact on the organization.

Step 2: Initial Discovery Phase

The IT Security Lead investigates and confirms that the attack is a DDoS, coming from
multiple regions.

The Business Continuity Lead reviews which services are disrupted and ensures backup
services are activated where possible.

Step 3: Investigation and Escalation

The IT Security Lead escalates the incident to the Incident Commander. External DDoS
mitigation services are activated.

The Legal Advisor contacts relevant law enforcement agencies and advises on filing a
formal complaint under Section 66F of the IT Act, which deals with cyber terrorism.

Step 4: Decision Points

A critical decision point arises: should the organization temporarily take down
non-essential services to focus on restoring core systems? The Incident Commander must
make the final call based on input from all team members.

Step 5: Action Phase

The IT Security Lead works with external vendors to block malicious traffic.

The Communications Lead drafts a public statement, following Section 79 of the IT Act,
ensuring that the organization complies with intermediary liability protections.

Step 6: Communication and Public Relations

The Communications Lead updates the media and clients, emphasizing the organization’s
commitment to resolving the issue, following the advice of the Legal Advisor to avoid
any legally compromising statements.
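The discovery step above (confirming a traffic surge from many distinct sources) and the evidence the IT Security Lead hands to the mitigation vendor in the action phase can be illustrated with a small detection routine. The following is an added example written for this page, not material from the original exercise document: it reads constructed web-server access-log lines, aggregates requests and distinct client addresses per minute, flags minutes whose volume exceeds a multiple of a quiet-period baseline, and summarizes the top sources. The log format, the baseline window and the surge factor are all assumptions.

```python
"""Added example (not from the original exercise): per-minute request-volume
detection of the kind the IT Security Lead would run during Step 2.
The log lines are constructed; the thresholds are assumed values."""
from collections import Counter, defaultdict
from datetime import datetime


def make_sample_log():
    """Build a constructed access log: two quiet minutes, then a surge.
    Format (assumed): '<ISO timestamp> <client IP> <method> <path> <status>'.
    Addresses come from the RFC 5737 documentation ranges."""
    lines = []
    quiet_clients = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for minute in (0, 1):
        for i in range(6):  # 6 requests/minute from 3 regular clients
            ip = quiet_clients[i % 3]
            lines.append(f"2024-09-14T09:0{minute}:{i * 9:02d} {ip} GET /catalog 200")
    for i in range(60):  # 60 requests in one minute from 20 distinct addresses
        ip = f"203.0.113.{i % 20 + 1}"
        lines.append(f"2024-09-14T09:02:{i % 60:02d} {ip} GET /checkout 503")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, client IP, HTTP status)."""
    ts, ip, _method, _path, status = line.split()
    return datetime.fromisoformat(ts), ip, int(status)


def minute_stats(lines):
    """Aggregate request count, distinct sources, per-IP counts and
    server-error count for each minute, keyed by 'YYYY-MM-DDTHH:MM'."""
    stats = defaultdict(lambda: {"requests": 0, "sources": set(),
                                 "per_ip": Counter(), "errors": 0})
    for line in lines:
        ts, ip, status = parse_line(line)
        bucket = stats[ts.strftime("%Y-%m-%dT%H:%M")]
        bucket["requests"] += 1
        bucket["sources"].add(ip)
        bucket["per_ip"][ip] += 1
        if status >= 500:
            bucket["errors"] += 1
    return dict(sorted(stats.items()))


def detect_surge(lines, baseline_minutes=2, factor=5):
    """Flag minutes whose request count exceeds `factor` times the mean of
    the first `baseline_minutes` minutes (assumed baseline rule).
    Returns (flagged minute keys, aggregated per-IP counts over those minutes)."""
    stats = minute_stats(lines)
    keys = list(stats)
    baseline = [stats[k]["requests"] for k in keys[:baseline_minutes]]
    threshold = factor * (sum(baseline) / len(baseline))
    flagged = [k for k in keys[baseline_minutes:] if stats[k]["requests"] > threshold]
    top_sources = Counter()
    for k in flagged:
        top_sources.update(stats[k]["per_ip"])
    return flagged, top_sources


def incident_summary(lines):
    """Produce the facts the exercise asks the IT Security Lead to report:
    when the surge was seen, how many distinct sources, the error ratio,
    and the heaviest sources to pass to the mitigation provider."""
    stats = minute_stats(lines)
    flagged, top_sources = detect_surge(lines)
    sources = set()
    requests = errors = 0
    for k in flagged:
        sources |= stats[k]["sources"]
        requests += stats[k]["requests"]
        errors += stats[k]["errors"]
    return {
        "flagged_minutes": flagged,
        "distinct_sources": len(sources),
        "error_rate": errors / requests if requests else 0.0,
        "top_sources": top_sources.most_common(5),
    }


if __name__ == "__main__":
    for key, value in incident_summary(make_sample_log()).items():
        print(f"{key}: {value}")
```

On the constructed log the baseline is 6 requests per minute, so the 60-request minute is flagged, with 20 distinct sources and every request returning a server error. In practice the baseline window would be taken from a much longer quiet period and the factor tuned to the service's normal variance.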

6. Debrief and After-Action Review

Immediate Debrief

- After the exercise, the Incident Commander conducts an immediate review of
actions taken, identifying key areas for improvement.

After-Action Review

- A formal review is scheduled to assess the effectiveness of the response plan and make
recommendations for future improvements.

7. Performance Metrics
Performance Evaluation

- Speed of Response: Time taken to identify and mitigate the attack.

- Communication Efficiency: Clarity and timing of internal and external
communications.

- Compliance: Legal actions taken in accordance with Indian laws.

8. Follow-up Actions
Recommendations for Improvement

- Develop a more robust backup system.

- Improve communication protocols with external DDoS mitigation providers.

- Strengthen relationships with law enforcement.


9. Exercise Evaluation Form (Optional)

- Include an optional section where participants can provide feedback on the
exercise.

10. Closing Notes

Thank the Participants

- We would like to extend our sincere gratitude to all participants for their valuable
contributions to this tabletop exercise. Your active involvement and collaboration were
essential in testing and refining our incident response plan for a DDoS attack scenario.

Next Steps

As we move forward, we will focus on the following actions based on today’s exercise:

1. Implement recommendations for strengthening our DDoS mitigation
strategies.
2. Develop additional training sessions to improve team coordination and
decision-making during critical incidents.
3. Review legal and regulatory protocols to ensure full compliance with cyber
laws, especially under the Information Technology Act, 2000, and the
Indian Penal Code.
