Question

A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyber attacks. During these meetings the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?

Developing an incident response plan
Building a disaster recovery plan
Conducting a tabletop exercise
Running a simulation exercise

Answer 1

Conducting a tabletop exercise

Step-by-step explanation:

Answer 2

Step-by-step explanation:

1. Cybersecurity Strategy Development Guide

The Strategy Development Guide defines a road map that PUCs can follow to design and implement

a structured approach for long-term engagement with utilities on cybersecurity matters. The guide

includes examples from PUCs that demonstrate the process steps and highlights the drivers of

successful outcomes. (2018)

2. Understanding Cybersecurity Preparedness: Questions for Utilities

The Questions for Utilities provides a set of comprehensive, context-sensitive questions that PUCs

can ask a utility to gain a detailed understanding of its current cybersecurity risk management

program and practices. The questions build upon and add to those included in previous NARUC

publications. (2019)

3. Cybersecurity Preparedness Evaluation Tool (CPET)

The CPET provides a structured approach for PUCs to use in assessing the maturity of a utility’s

cybersecurity risk management program and gauging capability improvements over time. The

CPET is designed to be used with the Questions for Utilities on an iterative basis to help PUCs

identify cybersecurity gaps, spur utilities’ adoption of additional mitigation strategies, and inform

cybersecurity investment decisions. (2019)

4. Cybersecurity Tabletop Exercise (TTX) Guide

This guide details the steps that PUCs can take to design and execute an exercise to examine utilities’

and other stakeholders’ readiness to respond to and recover from a cybersecurity incident. The

guide also is helpful to PUCs seeking to exercise their own cybersecurity strategies and capabilities.

Exercise scenarios and examples are included. (2020)

5. Cybersecurity Glossary

The Glossary contains cybersecurity terms used throughout the Cybersecurity Manual, as well as

“terms of art” that utilities may use during discussions with PUCs. (2019)

Components of the Cybersecurity Manual can be used individually but are designed to work together.

NARUC’s intent is to provide a comprehensive set of assessment tools that, when applied, provide a consistent,

complete view of utilities’ cybersecurity preparedness.