Using the Cyber Table Top (CTT) Process to Perform a Cyber Risk Assessment
Summary
The Cyber Table Top (CTT) process, developed in 2014, helps organizations prioritize cybersecurity risks by focusing on vulnerabilities that could lead to mission failure. It involves a multi-day wargame with system stakeholders and red teams to assess the potential impact and likelihood of threats, enabling a more focused approach to remediation.
IFF Assessment
The CTT process is a defensive technique that helps defenders identify and prioritize critical vulnerabilities, leading to more effective resource allocation.
Defender Context
This article highlights a valuable risk assessment methodology that can help defenders cut through the noise of numerous vulnerability findings. By focusing on mission impact, organizations can better allocate limited resources to address the most critical threats. Defenders should consider adopting or adapting similar table-top exercises to improve their strategic risk management.