Design a Tabletop Exercise to Support Your Security Operation
Trust but verify that you are prepared for the next threat.

RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.Organizations that do not properly test organizational threat workflow through tabletop exercises risk being the next threat victim, exposing the organization to the next major headline. This is because:
- Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
- The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.
An effective tabletop exercise can be used to:
- Ensure organizational preparedness.
- Identify effectiveness of the overall security program.
- Streamline the security management program.
- Identify people, process, and technology gaps.
- Reduce incident costs and remediation time.
- Increase operational collaboration between prevention, detection, analysis, and response efforts.
- Enhance security pressure posture.
- Improve communication with executives about relevant security risks to the business.
- Preserve reputation and brand equity.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Plan
The Purpose
Evaluate the need for a tabletop exercise.
Key Benefits Achieved
Defined drivers, challenges, methodologies, and needs.
Activities: | Outputs: | |
---|---|---|
1.1 | Establish drivers and challenges for the tabletop exercise. |
|
1.2 | Document exercise methodology. |
|
1.3 | Identify needs and requirements. |
|
Module 2: Design
The Purpose
Determine the topics, scope, objectives, and participant roles and responsibilities for the tabletop exercise.
Key Benefits Achieved
Documented threats, incidents, stakeholders, and logistics.
Activities: | Outputs: | |
---|---|---|
2.1 | Determine the threats, incidents, and topics for the tabletop exercise. |
|
2.2 | Identify and assess people, process, and technology. |
|
2.3 | Coordinate the logistics. |
|
Module 3: Develop
The Purpose
Create briefings, guides, reports, and exercise injects.
Key Benefits Achieved
A plan to develop exercise materials and evaluation criteria.
Activities: | Outputs: | |
---|---|---|
3.1 | Develop exercise facilitation materials. |
|
3.2 | Develop exercise injects. |
|
3.3 | Ensure continuous improvement. |
|
3.4 | Develop a threat escalation protocol. |
|
Module 4: Conduct
The Purpose
Host the mock exercise in a conference or classroom setting.
Key Benefits Achieved
Execution of a mock tabletop exercise.
Activities: | Outputs: | |
---|---|---|
4.1 | Conduct a mock tabletop exercise. |
|
Module 5: Evaluate
The Purpose
Document exercise findings, lessons learned, and next steps.
Key Benefits Achieved
A plan to ensure measurement and continued improvement.
Activities: | Outputs: | |
---|---|---|
5.1 | Ensure continuous improvement. |
|
5.2 | Perform an evaluation of the tabletop exercise. |
|
5.3 | Schedule an after-action review with appropriate stakeholders. |
|