Tabletop Exercise

Also known as: TTX, Cyber tabletop

Definition

A discussion-based simulation in which stakeholders walk through a hypothetical cyber incident to test plans, roles, decisions, and communication.

A tabletop exercise (TTX) is a facilitated, scenario-driven rehearsal of an incident response plan (IRP), run in a meeting room rather than against live systems. Participants from IT, security, legal, communications, HR, executives, and sometimes external partners react to injects (ransom notes, regulator queries, media calls), surfacing gaps in playbooks, authorities, and toolchains. CISA, NIST SP 800-84, and ISO 22398 provide formal guidance on exercise design. TTXs are typically run two to four times a year and feed an after-action report whose findings drive IRP updates, training, and investments.

Examples

  • A two-hour ransomware tabletop covering containment, ransom decision-making, and legal notifications.
  • A supply-chain compromise scenario testing vendor coordination and customer communications.
