Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1251

Tabletop Exercise

Reviewed by Cybersecurity entrepreneur & security researcher

What is a Tabletop Exercise?

Tabletop Exercise: A discussion-based simulation in which stakeholders walk through a hypothetical cyber incident to test plans, roles, decisions, and communication.


A tabletop exercise (TTX) is a facilitated, scenario-driven rehearsal of an incident response plan, run in a meeting room rather than against live systems. Participants from IT, security, legal, communications, HR, executives, and sometimes external partners react to injects (ransom notes, regulator queries, media calls), surfacing gaps in playbooks, authorities, and toolchains. CISA, NIST SP 800-84, and ISO 22398 provide formal guidance on exercise design. TTXs are typically run two to four times a year and feed an after-action report whose findings drive IRP updates, training, and investments.

Examples

  1. A two-hour ransomware tabletop covering containment, ransom decisioning, and legal notifications.

  2. A supply-chain compromise scenario testing vendor coordination and customer communications.

Frequently asked questions

What is a Tabletop Exercise?

A discussion-based simulation in which stakeholders walk through a hypothetical cyber incident to test plans, roles, decisions, and communication. It belongs to the Forensics & IR category of cybersecurity.

What are other names for a Tabletop Exercise?

Common alternative names include TTX and cyber tabletop.
