Tabletop exercises: Six sample scenarios

Plus, start your journey with 10 pro tips for running a successful tabletop exercise.

typewriter are you ready prepare contingency disaster recovery
Getty Images

Editor's note: This article, originally published in 2006, has been updated to reflect recent trends. 

A tabletop exercise is an informal, discussion-based session in which a team talks through their roles and responses during an emergency, walking through one or more example scenarios. It's a great way to get business continuity plans off the written page without the interruption of a full-scale drill: rather than actually simulating a disaster, a group within the company gathers for a few hours to talk through a simulated crisis.

The exercise is increasingly a staple of IT security preparedness programs. "I find that companies who have a healthy respect for their cyber risk are the ones doing tabletops," says Dan Burke, Senior VP and National Cyber Practice Leader at Woodruff Sawyer. "Designing an incident response plan is beneficial, but putting it to the test will give you the practical insights that only come from experience."

If you're new to the idea of tabletop exercises and want a solid overview of what's goes into one, check out our in-depth explainer on the topic. But if you have a handle on the basics and are thinking about how you can most effectively implement a tabletop exercise at your own organization, then read on. We've collected some tips on best practices from a range of security pros, who have also helped us put together some example scenarios that should give you some ideas for your own exercises.

10 tips for running an effective tabletop exercise

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022