Tabletop Exercises (TTX) have officially earned their position as a critical tool in the CISO’s toolbox. The use of TTXs for internal security readiness has grown steadily over the past several years. TTXs were once considered a nice-to-do activity; now they are required by many regulatory bodies. And while the requirement is often an annual TTX, more than once a year is ideal for most organizations. Large organizations may require several TTXs throughout the year to focus on various teams, business units or processes within the organization.
What is a TTX?
According to the National Institute of Standards and Technology (NIST), a TTX is defined as “a discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation.”
In layman’s terms: one or more teams in the organization roleplay responses to an incident and identify best practices and gaps in their processes to evaluate their actions in preparation for a real event.
Tabletop exercises can be fun and very insightful for all participants involved. The energy in the room, or over a conferencing system such as MS Teams, Webex Teams or Zoom, can generally be felt by all the participants. The interactivity and process of going through the exercise helps to guide teams to identify documentation, skills or processes that would make responding to an incident more seamless and efficient. Many times, simple information that teams think ‘may be available somewhere’ takes time to find, or it is not available at all. These are important insights to have, and remediate, before they are needed.
We will talk more about TTXs in a future blog post, but here are a few high-level tips for planning.
- Pick the appropriate teams to participate; we find that up to 20 participants is ideal. More is hard to manage.
- Plan about 1-2 months in advance to ensure good participation.
- Set aside 90-120 minutes for the exercise.
- Have a facilitator to run the TTX and keep the group on task.
- Have an observer on the team who understands how the process should work.
- Plan a realistic scenario.
- Document, document, document.
- Create an after-action report.
If you need help, give us a call.