September 22, 2021

What exactly does a tabletop exercise entail?

My employer is having their first ever tabletop exercise. Never been a part of one before and not sure what to expect.

Questions I have:

* What exactly are they used for?
* How do they operate?
* What do I need to do to prepare for it?



Really depends on the exercise. Usually it’s to walk through an incident response simulation to gauge how effective your IR procedures are and identify areas for improvement.


I do this almost full time. The point of the tabletop exercise is to “exercise” your incident response procedures in a safe setting. Kind of like practicing how your team slays the dragon in a D&D session before you literally armor up and climb Mt Doom.

Tabletops can be conducted at a variety of levels: at a tactical technical level with the SOC and IT teams to test tooling and processes, or a management/executive level to test business processes and contingencies.

They operate differently depending on the need. A critical aspect tho is the “tabletop” description. Systems are not touched. This is not a live incident. Everything is occurring at the table, not in your production infrastructure.
The facilitator may use tools like web apps, PowerPoint, or other interactive tools to play it out for you, but you’ll handle the incident at the conference table, not at an analyst desk with hands on keyboard.

What do you need to do to prepare? Ideally nothing. The goal is to see how prepared the team is in current state. What do people usually do? Review their IRP, playbooks, flowcharts and make sure they know their role.

90% of my exercises are ransomware if that helps.
