In April, we opened the discussion of Tabletop Exercises (TTX). If you haven’t read that post, go here to read it . As mentioned last month, there are several key components to executing a tabletop exercise. In addition to basic planning and day-of logistics, there are several other considerations to take into account to maximize the value and outcomes of your TTX session to ensure it is a success.
Here are a few pointers for creating a successful session:
- Be realistic. The scenario should be plausible – to your industry, to your technologies, to your threats.
- Limit distractions. Limit the information you give regarding the scenario; you risk driving teams too far off topic during the exercise if too much unnecessary information is provided.
- Stick to the scope. Keep the scenarios very specific to the domains you are interested in discussing. If the intention is to review EDR, don’t intentionally bring other technologies into the fold. If other relevant systems come up during the TTX, you can acknowledge them, but do not allow the team to get stuck on them.
- Engage your participants. Add breakout sessions into the agenda and make time to discuss findings incrementally. Don’t wait until the end of the exercise to review findings. Have discussions to keep everyone engaged throughout the effort.
- Have a baseline. What is the expected outcome? It is important to have an idea of what the results should look like going in.
- Document throughout. Document, document, document – notes, best practices, gaps, next steps. An after-action report is critical to documenting the exercise and the information gathered.
By following these guidelines, you will be able to assemble a TTX that will benefit all involved during and after the exercise. We are happy to provide assistance if you need a hand.