Tabletop Exercises (TTX)
At CIS, we believe everyone deserves a secure online experience. We recognize that security is a shared responsibility between users, administrators, and technical professionals. The Business Resiliency Working Group have developed these tabletop exercises to help cybersecurity teams develop tactical strategies for securing their systems. This group of volunteers focuses on the processes, tools, and best practices related to public sector business continuity and recovery—not only of technology assets, but also recovery of the entire organization, including people, locations, and communications.
How to Use These Tabletop Exercises
Tabletop exercises are meant to help organizations consider different risk scenarios and prepare for potential cyber threats. All of the exercises can be completed in as little as 15 minutes, making them a convenient tool for putting your team in the cybersecurity mindset. In addition, each scenario will list the processes that are tested, threat actors that are identified, and the assets that are impacted.
Tips and Tricks
- Designate a single individual to facilitate the exercise.
- Break the scenario into meaningful learning points.
- Read the scenario aloud to the group and ensure their understanding.
- Facilitate a conversation about how your organization would handle the scenario, focusing on key learning points as you discuss.
- Include applicable members of other business units.
- Use the After Action Report to follow up on any gaps identified during the exercise.
Download a TTX
- 2021-11 Table Top Exercise Utility Outage
- 2021-09 Table Top Exercise Staffing Readiness
- 2021-07 Tabletop Exercise Asset Management
- 2021-06 Tabletop Exercise Asset Management
- 2021-04 Tabletop Exercise Policy Breach
- 2020-11 Tabletop Exercise Phishing
- 2020-10 Tabletop Exercise Election Compromise
- 2020-09 Tabletop Exercise Natural Disaster
- 2020-08 Tabletop Exercise Unauthorized Downloads
- 2020-07 Elections
- 2020-05 Tabletop Exercise Phishing
- 2020-04 Tabletop Exercise Emergency Management
- 2020-02 Tabletop Exercise Phishing
- 2019-12 Tabletop Exercise Emergency Management
- 2019-11 Tabletop Exercise Natural Disaster
- 2019-10 Tabletop Exercise Phishing
Who Can Participate in the Business Resiliency Working Group?
Any MS-ISAC or EI-ISAC member from any state, local, tribal, or territorial government.
How Do I Join the Business Resiliency Working Group?
Send an email to firstname.lastname@example.org with “Business Resiliency Working Group Request” in the subject line, and include the following:
- Entity/Agency name
- Telephone number
Share your expertise by joining one of our Working Groups today!