Breachdeck Blog

Breachdeck BlogInsights on incident response, tabletop exercises, MITRE ATT&CK, and cybersecurity compliance.https://breachdeck.com/NIST 800-53 IR-3: What Federal Auditors Actually Wanthttps://breachdeck.com/blog/nist-800-53-tabletop-exercise/https://breachdeck.com/blog/nist-800-53-tabletop-exercise/What FISMA and FedRAMP assessors evaluate for IR-3 compliance. The control requirements, SP 800-84 methodology, and how to pass.Tue, 24 Mar 2026 00:00:00 GMTcompliancenist-800-53ir-3tabletop-exercisefismafedrampfederal-compliancesp-800-84Breachdeck TeamDoes Your Cyber Insurance Require a Tabletop Exercise?https://breachdeck.com/blog/cyber-insurance-tabletop-exercise/https://breachdeck.com/blog/cyber-insurance-tabletop-exercise/What cyber insurance carriers want from IR testing in 2026. Which scenarios to run, what to document, and how to time it for renewal.Sat, 21 Mar 2026 00:00:00 GMTcompliancecyber-insurancetabletop-exerciseincident-responsecompliancerenewalunderwritingBreachdeck TeamWhy We Built Breachdeckhttps://breachdeck.com/blog/why-we-built-breachdeck/https://breachdeck.com/blog/why-we-built-breachdeck/Tabletop exercises cost $30K+ and happen once a year. We built something that makes real incident response practice affordable and on demand.Thu, 19 Mar 2026 00:00:00 GMTproduct-updatestabletop-exerciseincident-responsemitre-attackproduct-launchBreachdeck TeamISO 27001 IR Testing: A.5.24 & A.5.26 Requirementshttps://breachdeck.com/blog/iso-27001-incident-response-testing/https://breachdeck.com/blog/iso-27001-incident-response-testing/What ISO 27001 auditors want from IR plan testing. A.5.24, A.5.26, the 2013→2022 mapping, and how to produce evidence that passes.Wed, 18 Mar 2026 00:00:00 GMTcomplianceiso-27001incident-responsetabletop-exercisecomplianceA.5.24A.5.26Breachdeck TeamWhich Compliance Frameworks Require Tabletop Exercises?https://breachdeck.com/blog/compliance-tabletop-exercise-requirements/https://breachdeck.com/blog/compliance-tabletop-exercise-requirements/Every major framework's tabletop exercise requirement in one place. SOC 2, PCI DSS, HIPAA, ISO 27001, NIST, CMMC, DORA, GDPR — what each demands.Sat, 14 Mar 2026 00:00:00 GMTcompliancecompliancetabletop-exerciseincident-responsesoc-2pci-dsshipaaiso-27001nistcmmcdoragdprBreachdeck TeamHIPAA Incident Response Testing: What Auditors Actually Wanthttps://breachdeck.com/blog/hipaa-incident-response-testing/https://breachdeck.com/blog/hipaa-incident-response-testing/What the 2026 HIPAA Security Rule requires for IR plan testing, what OCR auditors evaluate, and how to run an exercise that passes.Sat, 14 Mar 2026 00:00:00 GMTcompliancehipaaincident-responsetabletop-exercisecompliancehealthcare2026-security-ruleBreachdeck TeamPCI DSS 12.10.2: What Your QSA Wants from IR Testinghttps://breachdeck.com/blog/pci-dss-incident-response-testing/https://breachdeck.com/blog/pci-dss-incident-response-testing/What PCI DSS 12.10.2 requires for IR plan testing, what QSAs actually evaluate, and how to run an exercise that passes assessment.Sun, 08 Mar 2026 00:00:00 GMTcompliancepci-dsspci-dss-412-10-2incident-responsetabletop-exercisecomplianceBreachdeck TeamSOC 2 Tabletop Exercises: What Your Auditor Actually Wantshttps://breachdeck.com/blog/soc-2-tabletop-exercise-requirements/https://breachdeck.com/blog/soc-2-tabletop-exercise-requirements/What SOC 2 auditors look for in IR testing evidence. CC7.3, CC7.4, CC7.5 — the criteria that matter and how to not fail them.Sat, 07 Mar 2026 00:00:00 GMTcompliancesoc-2audittabletop-exerciseCC7.3CC7.4CC7.5incident-responseBreachdeck Team