top of page

Learn to Build and Conduct Tabletop Exercises for Incident Response

October 22, 2024 | 8:00am-4:00pm | Includes Lunch

Blurry Blue

Cyber Incident Preparedness Workshop: Learn to Build and Conduct Tabletop Exercises for Incident Response

__

This class offers a practical introduction to conducting tabletop exercises for cyber incident preparedness, emphasizing the role of these exercises in validating and strengthening incident response (IR) plans and playbooks. Participants will learn how to plan, facilitate, and evaluate tabletop exercises, including setting objectives, developing scenarios, and managing the exercise process. The session covers best practices for ensuring realistic and impactful exercises, as well as post-exercise evaluation and remediation. By the end of the class, attendees will be equipped with the skills to effectively conduct tabletop exercises, enhancing their organization's readiness for cyber incidents.

 

 

Introduction

 

  • Definition of tabletop exercises

  • Covering the different kinds of tabletop exercises

  • Importance of conducting tabletop exercises

  • Connection of tabletop to IR plan and playbooks

  • Benefits and outcomes of conducting tabletop exercises

  • What makes a good Tabletop exercise

 

Preparing for the Exercise

 

  • Identifying objectives

  • Selecting participants

  • Developing scenarios

  • Creating rules and guidelines

  • Establishing a communication plan

  • Prepare questions for the audience

  • Setting roles for the exercise

 

Conducting the Exercise

 

  • Briefing the participants

  • Introducing the scenario

  • Facilitating the exercise

  • Monitoring the exercise

  • Documenting the exercise

  • Presenting and handling unexpected situations

 

Post-Exercise Activities

 

  • Evaluating the exercise

  • Provide observations from the exercise

  • Identifying strengths and weaknesses

  • Provide Recommendations based on observations

  • Creating a report based on observations and recommendations

  • Develop a remediation plan

  • Communicating the results

 

Best Practices

 

  • Avoiding common mistakes

  • Incorporating feedback

  • Keeping the exercise realistic

  • Ensuring confidentiality

  • Planning for follow-up activities

 

Conclusion

 

  • Summary of the key points

  • Importance of ongoing training and practice

  • Encouragement to conduct tabletop cyber exercises to maintain IR plan and playbooks

bottom of page