Tool

Introduction to Tabletop Exercises: a Practical Guidebook for Organizations

This publication seeks to provide guidance in designing, developing and evaluating how and when to conduct a tabletop exercise as a tool to improve an organization’s cyber security policymaking and operations capacities.

The guide aims to offer a public-private cross organizational scope. Therefore, it is not written from a strictly business point of view, but rather provides a macro-level approach to achieving cybersecurity resilience through TTXs. This way, organizations ranging from those which are part of critical infrastructure to others such as SMEs can make use and benefit from this guidebook. The overall goal of the guide is to provide practical considerations to bridge the gap between technical operations and administration/politics in understanding the benefits of undertaking TTXs at all national and organizational levels and increase the knowledge of the personnel responsible for organizing TTXs so that they achieve their capacity building objectives.

This guidebook is mainly aimed for:

  • Cyber policymakers in governments,
  • Cyber security preparedness and response organizations,
  • Critical infrastructure owners and operators,
  • Governmental and ministerial institutions (e.g., NCSCs) focused on implementing national cyber security programs via policy or regulation,
  • Technical community and other cyber security practitioners.

The document is the first of a series of three deliverables that will assist practitioners in identifying areas that would benefit from TTXs, as well as designing and implementing them in a way that increases cyber security capabilities.