Using the Cyber Table Top (CTT) Process to Perform a Cyber Risk Assessment

Presented by

Katie Premore (Lockheed Martin)

About this talk

The Cyber Table Top (CTT) process was developed in 2014 to support DoD customers who were overwhelmed by the sheer number of findings produced by traditional cybersecurity scanning tools and checklist processes. These tools and processes identify a very large number of possible vulnerabilities for a system but didn’t provide context for which vulnerabilities might truly lead to potential mission failure. Since budgets are limited, customers need methods of focusing on the most critical vulnerabilities which present the highest risk to their systems. The CTT process is focused on producing actionable cyber vulnerability data in an approachable risk matrix format to enable teams to focus resources. CTTs bring together system developers and maintainers, system users, and expert red teams to execute a multi-day wargame that focuses on the security evaluation of threats that would deny, degrade, disrupt or destroy a system and prohibit users from accomplishing their core mission. By assessing the potential mission impact of vulnerabilities as well as their likelihood/difficulty it provides a way to understand the relative risks of various vulnerabilities and focus the remediation efforts. The CTT process has been used to support DoD system cyber security evaluations in various lifecycle stages from design through long-term maintenance. It has been used to identify and mitigate threats that later were witnessed “in the wild” and caused significant negative impacts to other systems. It has become so popular that an official DoD Guidebook and training course was developed in 2018.

Related topics:

More from this channel

Upcoming talks (5)
On-demand talks (120)
Subscribers (21498)
Addressing diversity and talent shortages in cybersecurity through recruiting, retaining and advancing women in the field of cybersecurity, and improving on the very low 20-24% statistic of women in cybersecurity jobs.