Lab Report

A DIY Guide to Creating Cybersecurity Tabletops

Published on 17 August 2023

Actionable Considerations for Cybersecurity Leaders Seeking Readiness Through Tabletop Exercises

This document synthesizes valuable insights shared over a series of sessions by cybersecurity experts from various organizations. This actionable framework for building impactful cybersecurity tabletop exercises was developed collaboratively by and for security leaders. The creators of this document are committed to providing a safe environment for knowledge exchange and have therefore omitted any specific company or individual attributions.

Executive Summary

Cybersecurity leaders find themselves on the frontlines defending against threats growing in sophistication each day. One of the most valuable tools they have is the tabletop exercise. It builds experience and readiness through practice under simulated real-world conditions and brings business leaders along for the ride.

We’ve created this DIY Guide to share best practices on how to develop and facilitate highly effective cybersecurity tabletop exercises. You’ll learn pragmatic steps for designing scenarios, preparing participants, and running events that yield meaningful improvements.

We encourage you to use this guide to make tabletops a regular part of organization-wide cybersecurity training and awareness. Also consider involving junior staff in exercise planning; it’s a remarkable professional development opportunity. Their creativity and fresh perspectives will strengthen the exercise, and the planning work cultivates the incident response skills they’ll need as future leaders.

SECTION 1: SCOPING
1.1 Establishing Your Goal
1.2 Build the Attack Scenario
1.3 Aligning Your Scenario to a Response Phase
1.4 Exercise Runtime
1.5 Expected Impacts
1.6 Incorporating Realism
SECTION 2: PRE-EXERCISE PLANNING
2.1 Determine Presence Requirements
2.2 Building the Participants List
2.3 Establishing Story Structure
2.4 Planning for Disruptions
2.5 Things to Consider
SECTION 3: EXECUTING YOUR TABLETOP
3.1 Prepare Your Participants
3.2 Room Setup
3.3 Exercise Kickoff
SECTION 4: DRIVING CHANGE
4.1 Event Closure
SECTION 5: SUMMARY
SECTION 6: APPENDIX