ELI5: What are Tabletop Exercises?
The team gathers around a table and talks through “what would we do if this happened?” without touching any real systems. It is like a fire drill using only words and imagination.
Definition
Tabletop exercises are discussion-based simulation exercises in which key stakeholders work through a hypothetical security incident scenario in a conference room setting, without performing any actual technical actions on systems. The goal is to test incident response plans, identify gaps in procedures, and improve coordination and communication between team members and leadership.
Key Details
- No technical execution — purely discussion and decision-making
- Typically facilitated by a scenario leader who presents the incident scenario in stages
- Participants include: IR team, IT, legal, communications, executive leadership, HR
- Tests: decision-making, escalation procedures, communication plan, role clarity, playbook effectiveness
- Low cost compared to full-scale exercises; can be conducted frequently to build team familiarity with scenarios
Connections
- Parent: incident-response — tabletop exercises are a key preparation activity in the IR lifecycle
- See also: preparation