All the best things come in threes: the Three Musketeers, the Three Stooges, and, of course, your favorite three-cheese pizza ordered via the UberEats app. Engineering Security (EngSec) at Uber agrees, and we have formed our own trio of methods for simulating cybersecurity incidents at Uber, to exercise our ability to act decisively should an incident occur. This three-pronged approach consists of tabletop exercises, red team operations, and atomic simulations.
Importance of Cybersecurity Incident Simulations
While having strong preventative measures in place is vitally important, it is essential that key people and functions are well prepared both to act and, importantly, to act together should an incident occur.
Multiple approaches can help reap the full benefits of cybersecurity incident simulations, and each approach can have different benefits and limitations. For example, a simulation requiring a large amount of planning can result in more sophistication and realism, but the preparation time can limit how frequently this type of simulation can be conducted. When combined, our trio of simulations provides an array of options for cybersecurity incident response readiness.
Architecture of Our Approach
Each of our three different simulation methods has its own unique focus:
Tabletop Exercises (TTX)
These exercises simulate a security incident over a multi-hour event. TTXs complement more technical simulations by focusing on processes, roles, and equipping leaders to make decisions. The following objectives are ones that we have identified as being broadly applicable to all of our TTXs and we reflect on these post-TTX to determine t...