Introduction to Tabletop Exercises: a Practical Guidebook for Organizations

Publish Date:

This publication seeks to provide guidance in designing, developing and evaluating how and when to conduct a tabletop exercise as a tool to improve an organization’s cyber security policymaking and operations capacities.

The guide aims to offer a public-private cross organizational scope. Therefore, it is not written from a strictly business point of view, but rather provides a macro-level approach to achieving cybersecurity resilience through TTXs. This way, organizations ranging from those which are part of critical infrastructure to others such as SMEs can make use and benefit from this guidebook. The overall goal of the guide is to provide practical considerations to bridge the gap between technical operations and administration/politics in understanding the benefits of undertaking TTXs at all national and organizational levels and increase the knowledge of the personnel responsible for organizing TTXs so that they achieve their capacity building objectives.

This guidebook is mainly aimed for:

The document is the first of a series of three deliverables that will assist practitioners in identifying areas that would benefit from TTXs, as well as designing and implementing them in a way that increases cyber security capabilities.