Tabletop exercises


Training is a critical step in being prepared to respond to real cybersecurity incidents. A quick and easy way to help prepare your team is to hold short 15 minute table top exercises every month. Here are a few of the important questions you may want to ask while holding a tabletop exercise:

  • Do you have a Cybersecurity Incident Response Plan?
  • Do you have compliance requirements you must adhere to? (PCI-DSS, HIPPA, FISMA, IRS, or Sarbanes-Oxley)
  • Who should you notify internally in your organization? External to your organization?
  • Do you have a backup point-of-contact for key roles in your organization? (For example, who do you contact if the manager who handles cybersecurity issues is out sick or out of town on vacation?)
  • What are the resources available to your team?
  • Who do you contact to get more resources? (For example: consultation, equipment, or additional cybersecurity professionals.)


Here are some tabletop exercises you can use: