Tabletop exercises run against your actual escalation chain, not a generic one.
A ransomware simulation only teaches you something if it uses your L1→L3→SOC Manager→CISO→CTO path, your tools, and your reporting clock.
The IR lifecycle we build runbooks against
Identify
Detection and triage criteria specific enough for an L1 analyst to act on without escalating every alert.
Contain
Pre-approved containment actions that don't require waiting on a meeting to execute.
Eradicate
Root-cause confirmation steps before systems are cleared for recovery.
Recover
Staged restoration with validation gates, not a single "all clear" switch.
Report
CERT-In and RBI reporting drafted against the clock — rehearsed, not improvised on the day.
Tabletop Exercises
Scenario-based simulations — ransomware, supply-chain compromise, insider data exfiltration — run live with your incident response team across functional groups: SOC, IT infra, application owners, communications, legal and leadership.
Runbook Development
Written runbooks for your top incident categories, with decision points, named roles, and reporting timelines that match CERT-In's six-hour window.