Governance, Risk & Compliance (GRC)

Build Cyber Resilience Through a Real-World Tabletop Exercise

The TTX aims to assess the CIIOs’ capabilities and operational processes to detect, respond and recover from cyber incidents by exercising the relevant operational plans and Standard Operating Procedures (SOPs), Business Continuity Plan (“BCP”) and Disaster Recovery Plan (“DRP”) to ensure that its CIIs remain resilient and can continue to deliver essential services in the event of disruptions due to a cybersecurity incident.

FIRMUS uses a threat intelligence driven approach to develop scenarios, including for the purpose of wargaming exercise, not limiting to establishing case studies on noteworthy past incidents and cyber-attack campaigns, and profiling known threat actors and their tactics, techniques and procedures (TTPs) using the MITRE ATT&CK framework or equivalent framework.

Table Top Exercise

Our Approach & Methodology

Our approach & methodology also assess Sector Lead to coordinate and manage cyber incidents at the sectoral level.

  • Phase 1 (Understand and Plan): To conduct planning and engagement workshops for the Sector Lead and ICM CIIOs for information gathering and schedule of activities leading to actual conduct of exercise

  • Phase 2 (Design and Develop): To design and develop cybersecurity scenarios for the Sector Lead and ICM CIIOs on a threat assessment that established realistic and emerging cyber threats that are relevant to ICM sectors.

  • Phase 3 (Deliver and Report): To conduct TTX and Crisis Communications to assess and grade the cyber readiness of each CIIO and the ICM sector via specific criteria that was discussed. Exercise After Action Report (AAR) to be delivered after the conduct of the exercise.

Key Benefits of Running TTX (Table-Top Exercise)

Why Firmus?

Firmus combines offensive security expertise, governance consulting, and real-world cybersecurity implementation experience to deliver practical, risk-driven, and business-aligned security services. Our consultants work closely with organizations to strengthen cybersecurity resilience while ensuring security initiatives remain operationally effective and aligned with business objectives.

Firmus is also recognized through multiple industry-leading certifications and accreditations, including:

  • CREST Accredited Company with CREST Certified Consultants

    Firmus is CREST accredited, validating our capabilities, methodologies, and quality standards in delivering professional cybersecurity assessment and penetration testing services aligned with internationally recognized best practices.

  • ISO/IEC 27001:2022 Certified

    Firmus is certified to ISO/IEC 27001:2022, demonstrating our commitment to maintaining a robust Information Security Management System (ISMS) and protecting the confidentiality, integrity, and availability of information assets.

  • Cyber Trust Mark — Advocate Level Certification

    Firmus is certified at the highest Cyber Trust Mark tier, demonstrating advanced cybersecurity maturity and operational excellence.

These certifications and accreditations reflect Firmus’ commitment to maintaining high cybersecurity standards, operational discipline, and trusted service delivery for enterprise and regulated environments.