When’s the last time you actually tested your incident response capabilities or contingency planning measures? Sure, it’s a requirement for many of today’s growing regulations, but aside from that, it should be done regularly. One of the best measures for performing such tests is none other than tabletop exercises.
Tabletop exercises are discussion-based exercises where personnel meet in a classroom setting or in breakout groups to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator presents a scenario and asks the exercise participants questions related to the scenario, which initiates a discussion among the participants of roles, responsibilities, coordination, and decision-making. A tabletop exercise is discussion-based only and does not involve deploying equipment or other resources.
There are a multitude of resources available for tabletop exercises. But they are just resources - tools to undertake an exercise - you still need to perform them. Also, to get real value out of your tabletop exercises for incident response and contingency planning, make them applicable to your environment.
Some great resources for tabletop exercises are available from the Cybersecurity & Infrastructure Security Agency (CISA) at https://www.cisa.gov/cisa-tabletop-exercise-packages
Per CISA, "Each package is customizable and includes template exercise objectives, scenarios, and discussion questions as well as a collection of references and resources. Available scenarios cover a broad array of physical security and cybersecurity topics, such as natural disasters, pandemics, civil disturbances, industrial control systems, election security, ransomware, vehicle ramming, insider threats, active assailants, and unmanned aerial systems.