{"id":3766,"date":"2026-07-03T16:00:00","date_gmt":"2026-07-03T08:00:00","guid":{"rendered":"https:\/\/firmussec.com\/sg\/?page_id=3766"},"modified":"2026-07-03T21:11:40","modified_gmt":"2026-07-03T13:11:40","slug":"table-top-exercise-ttx","status":"publish","type":"page","link":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/","title":{"rendered":"Table Top Exercise (TTX)"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1206.4px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1\"><p style=\"color: var(--awb-color5);\">Governance, Risk & Compliance (GRC)<\/p>\n<\/div><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-one\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:47;line-height:var(--awb-typography1-line-height);\">Build Cyber Resilience Through a Real-World Tabletop Exercise<\/h1><\/div><div class=\"fusion-text fusion-text-2\"><p>The TTX aims to assess the CIIOs\u2019 capabilities and operational processes to detect, respond and recover from cyber incidents by exercising the relevant operational plans and Standard Operating Procedures (SOPs), Business Continuity Plan (\u201cBCP\u201d) and Disaster Recovery Plan (\u201cDRP\u201d) to ensure that its CIIs remain resilient and can continue to deliver essential services in the event of disruptions due to a cybersecurity incident.<\/p>\n<p>FIRMUS uses a threat intelligence driven approach to develop scenarios, including for the purpose of wargaming exercise, not limiting to establishing case studies on noteworthy past incidents and cyber-attack campaigns, and profiling known threat actors and their tactics, techniques and procedures (TTPs) using the MITRE ATT&CK framework or equivalent framework.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><img decoding=\"async\" width=\"1993\" height=\"664\" alt=\"Table Top Exercise\" title=\"Table Top Exercise\" src=\"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1.jpg\" data-orig-src=\"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1.jpg\" class=\"lazyload img-responsive wp-image-3661\" srcset=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%271993%27%20height%3D%27664%27%20viewBox%3D%270%200%201993%20664%27%3E%3Crect%20width%3D%271993%27%20height%3D%27664%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" data-srcset=\"https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1-200x67.jpg 200w, https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1-400x133.jpg 400w, https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1-600x200.jpg 600w, https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1-800x267.jpg 800w, https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1-1200x400.jpg 1200w, https:\/\/firmussec.com\/sg\/wp-content\/uploads\/2026\/05\/group-people-working-out-business-plan-office1.jpg 1993w\" data-sizes=\"auto\" data-orig-sizes=\"(max-width: 640px) 100vw, 1200px\" \/><\/span><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-one\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:47;line-height:var(--awb-typography1-line-height);\">Our Approach & Methodology<\/h1><\/div><div class=\"fusion-text fusion-text-3\"><p>Our approach & methodology also assess Sector Lead to coordinate and manage cyber incidents at the sectoral level.<\/p>\n<\/div><ul style=\"--awb-line-height:27.2px;--awb-icon-width:27.2px;--awb-icon-height:27.2px;--awb-icon-margin:11.2px;--awb-content-margin:38.4px;--awb-circlecolor:var(--awb-color5);--awb-circle-yes-font-size:14.08px;\" class=\"fusion-checklist fusion-checklist-1 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-pen-fancy fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Phase 1 (Understand and Plan):<\/strong> To conduct planning and engagement workshops for the Sector Lead and ICM CIIOs for information gathering and schedule of activities leading to actual conduct of exercise<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-ruler-combined fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Phase 2 (Design and Develop):<\/strong> To design and develop cybersecurity scenarios for the Sector Lead and ICM CIIOs on a threat assessment that established realistic and emerging cyber threats that are relevant to ICM sectors.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-laptop-code fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Phase 3 (Deliver and Report):<\/strong> To conduct TTX and Crisis Communications to assess and grade the cyber readiness of each CIIO and the ICM sector via specific criteria that was discussed. Exercise After Action Report (AAR) to be delivered after the conduct of the exercise.<\/p>\n<\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-3 fusion-sep-none fusion-title-text fusion-title-size-one\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:47;line-height:var(--awb-typography1-line-height);\">Key Benefits of Running TTX (Table-Top Exercise)<\/h1><\/div><div class=\"fusion-content-boxes content-boxes columns row fusion-columns-1 fusion-columns-total-8 fusion-content-boxes-1 content-boxes-icon-with-title content-left\" style=\"--awb-hover-accent-color:var(--awb-color5);--awb-circle-hover-accent-color:var(--awb-color5);--awb-item-margin-bottom:40px;\" data-animationOffset=\"top-into-view\"><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-1 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-search fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">1. Validate Incident Response Readiness<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">A TTX tests whether your incident response plan actually works in practice, not just on paper. Teams quickly discover gaps in:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">Escalation flow<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Roles & responsibilities<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Communication channels<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Decision authority<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Technical coordination<\/span><\/li>\n<\/ul>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-2 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-laugh fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">2. Improve Executive Decision-Making<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">Cyber incidents are no longer purely technical. A TTX helps management practice:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">Crisis leadership<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Business continuity decisions<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Regulatory response<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Public\/media communication<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Legal and reputational risk handling<\/span><\/li>\n<\/ul>\n<p style=\"color: rgb(92, 103, 112);\">This is especially valuable for C-level executives and board members.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-3 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-database fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">3. Identify Process &amp; Communication Gaps<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">Most failures during incidents happen because of coordination issues, not lack of tools. TTX reveals:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">Delayed escalation<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Confusion between IT\/SOC\/legal\/comms<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Missing contact points<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Vendor dependency issues<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Slow approval processes<\/span><\/li>\n<\/ul>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-4 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-handshake fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">4. Strengthen Cross-Functional Collaboration<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">A well-run exercise aligns multiple stakeholders:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">Security team<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">IT operations<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Legal<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">HR<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">PR\/Communications<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Management<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Third-party vendors<\/span><\/li>\n<\/ul>\n<p style=\"color: rgb(92, 103, 112);\">Teams learn how to work together before a real crisis happens.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-5 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-tasks fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">5. Meet Compliance &amp; Audit Expectations<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">Many frameworks and regulators increasingly expect organisations to conduct cyber crisis simulations, including:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">ISO 27001<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">NIST CSF<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">SOC 2<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">MAS TRM<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">PDPA-related governance expectations<\/span><\/li>\n<\/ul>\n<p style=\"color: rgb(92, 103, 112);\">A TTX demonstrates operational maturity and preparedness.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-6 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-star fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">6. Increase Confidence During Real Incidents<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">When teams have rehearsed scenarios before, response becomes:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">Faster<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">More structured<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Less emotional<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">More coordinated<\/span><\/li>\n<\/ul>\n<p style=\"color: rgb(92, 103, 112);\">This directly reduces downtime and business impact.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-7 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-sync-alt fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">7. Test Business Continuity &amp; Recovery Assumptions<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">TTX helps validate:<\/p>\n<ul>\n<li><span style=\"color: rgb(92, 103, 112);\">Backup recovery assumptions<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">RTO\/RPO expectations<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Alternate communication methods<\/span><\/li>\n<li><span style=\"color: rgb(92, 103, 112);\">Third-party recovery dependencies<\/span><\/li>\n<\/ul>\n<p style=\"color: rgb(92, 103, 112);\">Many organizations realize their recovery expectations are unrealistic only during exercises.<\/p>\n<\/div><\/div><\/div><div style=\"--awb-backgroundcolor:rgba(255,255,255,0);\" class=\"fusion-column content-box-column content-box-column content-box-column-8 col-lg-12 col-md-12 col-sm-12 fusion-content-box-hover content-box-column-last content-box-column-last-in-row\"><div class=\"col content-box-wrapper content-wrapper link-area-link-icon icon-hover-animation-fade\" data-animationOffset=\"top-into-view\"><div class=\"heading heading-with-icon icon-left\"><div class=\"icon\"><i style=\"border-color:var(--awb-color8);border-width:0px;background-color:rgba(215,20,68,0.32);box-sizing:content-box;height:48px;width:48px;line-height:48px;border-radius:50%;font-size:24px;\" aria-hidden=\"true\" class=\"fontawesome-icon fa-child fas circle-yes\"><\/i><\/div><h2 class=\"content-box-heading fusion-responsive-typography-calculated\" style=\"--h2_typography-font-size:18px;--fontSize:18;line-height:1.25;\">8. Build Cybersecurity Culture<\/h2><\/div><div class=\"fusion-clearfix\"><\/div><div class=\"content-container\">\n<p style=\"color: rgb(92, 103, 112);\">A TTX changes cybersecurity from \u201cIT\u2019s problem\u201d into a business-wide responsibility. It increases awareness among leadership and non-technical stakeholders.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-4 fusion-sep-none fusion-title-text fusion-title-size-one\"><h1 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:47;line-height:var(--awb-typography1-line-height);\"><strong>Why Firmus?<\/strong><\/h1><\/div><div class=\"fusion-text fusion-text-4\"><p>Firmus combines offensive security expertise, governance consulting, and real-world cybersecurity implementation experience to deliver practical, risk-driven, and business-aligned security services. Our consultants work closely with organizations to strengthen cybersecurity resilience while ensuring security initiatives remain operationally effective and aligned with business objectives.<\/p>\n<p>Firmus is also recognized through multiple industry-leading certifications and accreditations, including:<\/p>\n<\/div><ul style=\"--awb-line-height:27.2px;--awb-icon-width:27.2px;--awb-icon-height:27.2px;--awb-icon-margin:11.2px;--awb-content-margin:38.4px;--awb-circlecolor:var(--awb-color5);--awb-circle-yes-font-size:14.08px;\" class=\"fusion-checklist fusion-checklist-2 fusion-checklist-default type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-circle fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>CREST Accredited Company with CREST Certified Consultants<\/strong><\/p>\n<p>Firmus is CREST accredited, validating our capabilities, methodologies, and quality standards in delivering professional cybersecurity assessment and penetration testing services aligned with internationally recognized best practices.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-circle fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>ISO\/IEC 27001:2022 Certified<\/strong><\/p>\n<p>Firmus is certified to ISO\/IEC 27001:2022, demonstrating our commitment to maintaining a robust Information Security Management System (ISMS) and protecting the confidentiality, integrity, and availability of information assets.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-circle fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Cyber Trust Mark \u2014 Advocate Level Certification<\/strong><\/p>\n<p>Firmus is certified at the highest Cyber Trust Mark tier, demonstrating advanced cybersecurity maturity and operational excellence.<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-5\"><p>These certifications and accreditations reflect Firmus\u2019 commitment to maintaining high cybersecurity standards, operational discipline, and trusted service delivery for enterprise and regulated environments.<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"100-width.php","meta":{"footnotes":""},"class_list":["post-3766","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Table Top Exercise (TTX) - Penetration Testing Singapore | Top Pentest Services Expert<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Table Top Exercise (TTX) - Penetration Testing Singapore | Top Pentest Services Expert\" \/>\n<meta property=\"og:url\" content=\"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/\" \/>\n<meta property=\"og:site_name\" content=\"Penetration Testing Singapore | Top Pentest Services Expert\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/FIRMUSsec\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-03T13:11:40+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/table-top-exercise-ttx\\\/\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/table-top-exercise-ttx\\\/\",\"name\":\"Table Top Exercise (TTX) - Penetration Testing Singapore | Top Pentest Services Expert\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#website\"},\"datePublished\":\"2026-07-03T08:00:00+00:00\",\"dateModified\":\"2026-07-03T13:11:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/table-top-exercise-ttx\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/firmussec.com\\\/sg\\\/table-top-exercise-ttx\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/table-top-exercise-ttx\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Table Top Exercise (TTX)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#website\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/\",\"name\":\"Penetration Testing Singapore | Top Pentest Services Expert\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#organization\",\"name\":\"Penetration Testing Singapore | Top Pentest Services Expert\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/dev\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/FIRMUS_Red-1.png\",\"contentUrl\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/dev\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/FIRMUS_Red-1.png\",\"width\":1244,\"height\":281,\"caption\":\"Penetration Testing Singapore | Top Pentest Services Expert\"},\"image\":{\"@id\":\"https:\\\/\\\/firmussec.com\\\/sg\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/FIRMUSsec\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/firmus-security\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Table Top Exercise (TTX) - Penetration Testing Singapore | Top Pentest Services Expert","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/","og_locale":"en_US","og_type":"article","og_title":"Table Top Exercise (TTX) - Penetration Testing Singapore | Top Pentest Services Expert","og_url":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/","og_site_name":"Penetration Testing Singapore | Top Pentest Services Expert","article_publisher":"https:\/\/www.facebook.com\/FIRMUSsec\/","article_modified_time":"2026-07-03T13:11:40+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/","url":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/","name":"Table Top Exercise (TTX) - Penetration Testing Singapore | Top Pentest Services Expert","isPartOf":{"@id":"https:\/\/firmussec.com\/sg\/#website"},"datePublished":"2026-07-03T08:00:00+00:00","dateModified":"2026-07-03T13:11:40+00:00","breadcrumb":{"@id":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/firmussec.com\/sg\/table-top-exercise-ttx\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/firmussec.com\/sg\/"},{"@type":"ListItem","position":2,"name":"Table Top Exercise (TTX)"}]},{"@type":"WebSite","@id":"https:\/\/firmussec.com\/sg\/#website","url":"https:\/\/firmussec.com\/sg\/","name":"Penetration Testing Singapore | Top Pentest Services Expert","description":"","publisher":{"@id":"https:\/\/firmussec.com\/sg\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/firmussec.com\/sg\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/firmussec.com\/sg\/#organization","name":"Penetration Testing Singapore | Top Pentest Services Expert","url":"https:\/\/firmussec.com\/sg\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/firmussec.com\/sg\/#\/schema\/logo\/image\/","url":"https:\/\/firmussec.com\/sg\/dev\/wp-content\/uploads\/2022\/12\/FIRMUS_Red-1.png","contentUrl":"https:\/\/firmussec.com\/sg\/dev\/wp-content\/uploads\/2022\/12\/FIRMUS_Red-1.png","width":1244,"height":281,"caption":"Penetration Testing Singapore | Top Pentest Services Expert"},"image":{"@id":"https:\/\/firmussec.com\/sg\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/FIRMUSsec\/","https:\/\/www.linkedin.com\/company\/firmus-security\/"]}]}},"_links":{"self":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/pages\/3766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/comments?post=3766"}],"version-history":[{"count":6,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/pages\/3766\/revisions"}],"predecessor-version":[{"id":3832,"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/pages\/3766\/revisions\/3832"}],"wp:attachment":[{"href":"https:\/\/firmussec.com\/sg\/wp-json\/wp\/v2\/media?parent=3766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}