Tabletop Exercise
Preparing for the cyber incident
Tabletop Exercise
Preparing for the cyber incident
What is a tabletop exercise?
The scenario of a cyber incident is played out in a role play and your company's ability to respond is assessed. «Tabletop» refers to an exercise on the «table», without the use of IT components, i.e. based solely on documented information such as regulations, checklists and emergency processes, to name but a few.
Why is a tabletop exercise important?
Benefits for your organization:
- Gaps and deficiencies are recognized, weak points in the ability to react are made aware of
- Exercise brings routine and therefore less stress in an emergency
- Roles, responsibilities and tasks within the organization are clarified
- A response plan or «runbook» is worked through and documents, processes and communication channels are checked for
o availability of information
o completeness
o comprehensibility and scope for interpretation
o applicability

Who takes part in the role play?
People from different organizational units should be involved who would also be involved in an actual incident. Depending on the scenario chosen, the stakeholders should have a more technical or specialist background, e.g. representatives of the communications department, the crisis team (management) or the IT organization. The exercise is carried out on site at the customer's premises for one day.
Tabletop from the perspective of the Incident Response Center
In the event of a ransomware attack, the Incident Response Center must react first. A tabletop exercise helps employees to answer the following questions:
- How do we ensure that critical systems, applications, files, databases and other resources are protected?
- How do we ensure that the ransomware attack is nipped in the bud and cannot spread?
- Which systems are essential for the company and therefore particularly worth protecting?
Tabletop from a crisis management perspective
In the event of a cyberattack, not only the incident response team is affected, but also representatives of other organizational units. They deal with the following questions:
- Are the working methods, processes and responsibilities of the emergency plan clear and implementable for everyone? Are the escalation channels and interfaces known?
- Does communication work and is the necessary data available (printed information sheets, contact persons, etc.)?
- Can important decisions be made at all with the information available?
Who is the tabletop service aimed at?
- Companies that already have an IT security structure and crisis management processes in place.
- Requirements: The company must already have established an IT emergency organization or an internal or external SOC must be in place.
If the two points mentioned above are not (yet) fulfilled, but you still want to improve your cyber security, we recommend that you start with a readiness audit. As a first step, for example, you can check whether the minimum ICT standard recommended by the Federal Office for National Economic Supply (FONES) is met.