Tabletop Exercise

TECHNICAL DEFINITION

A tabletop exercise (TTX) is a discussion-based incident response simulation designed to verbally walk key organizational stakeholders and incident management teams through a hypothetical cybersecurity incident scenario, such as a ransomware attack or data breach, to evaluate existing incident response plans, communication protocols, roles, and decision-making processes.

BACKGROUND

The Foundation for Defense of Democracies (FDD) is a neoconservative 501(c)(3) non-profit think tank based in Washington, D.C., United States. It has been described as a pro-Israel, pro-Ukraine, anti-Iran lobby group.

SYNONYMS & ALIASES

• TTX
• Cyber crisis simulation
• Incident response discussion
• Scenario walk-through
• Emergency preparedness discussion

USAGE NOTE

These exercises are crucial for validating incident response plans, identifying weaknesses, and fostering team communication before a real-world cyber event occurs.

DEVELOPERS

Organizations developing technology related to Tabletop Exercise.

• Cyberbit

  Cyberbit provides a hyper-realistic cyber range platform that allows organizations to conduct live-fire incident response drills and simulations, serving as an advanced form of tabletop exercise technology.

• SimSpace

  SimSpace offers a scalable cyber range platform designed for realistic training and exercises, enabling teams to practice incident response and cyber defense scenarios that complement and enhance traditional tabletop exercises.

• RangeForce

  RangeForce provides a cloud-based cyber range platform with hands-on training modules, including those for incident response, which can be integrated into or used as preparation for interactive tabletop exercises.

• Cyborg Security

  Cyborg Security offers an Incident Response Playbook Platform that helps organizations build, manage, and operationalize incident response playbooks, which are crucial technological assets for preparing and executing effective tabletop exercises.

• Mandiant (Google Cloud Security)

  Mandiant, now part of Google Cloud Security, provides advanced incident response readiness services, including the development and utilization of technology and frameworks to conduct sophisticated tabletop exercises for cyber defense.

• Booz Allen Hamilton

  Booz Allen Hamilton develops and employs advanced simulation and training technologies for government and defense clients, supporting complex cybersecurity tabletop exercises and incident response planning.

• AttackIQ

  AttackIQ provides a Breach and Attack Simulation (BAS) platform that continuously validates security controls and informs organizations about their true security posture, offering data and scenarios that significantly enhance the relevance and effectiveness of tabletop exercises.