ppt/slides/_rels/slide16.xml.relsj0ERJ,@i-R_AC],u5:sr3|aYAKVPqRN=%1EA'tU__-QCb|$b}Jh 2)C=4tAa-l&aU >fk#-2wB0 7(FuN>VvSb#)h1Ma_dx>[S7j%&Mn/~|Wo PK ! You can get this template for free now. endstream endobj 101 0 obj <>stream Tabletop Ground Rules. Depending on the tabletop exercises objectives and scope, they may require a few hours or multiple days. *u The parties involved are: Share sensitive information only on official, secure websites. Cyber extortion is an increasingly common scenario that can have many negative impacts for your organization, both operationally and from a public relations perspective. [exercise location] [exercise date]. After all, if the organization discovers a weakness in their defenses or problem with their processes in the course of the exercise, that can be thought of as a good thingbetter to figure that out during an exercise than a real crisis, after all. [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! With a functional exercise, participants are seeking to try out particular procedures and resources. Opening Remarks: Emergency Management Institute (EMI) Introductions: EMI . It is less intense than a functional exercise, in which a command center might be staffed by participants playing out a scenario in real time, or a full-scale exercise, which can involve emergency personnel responding a simulated crisis in the field. IHDR V sRGB gAMA a PLTE ` {j{ D\ `3L zz #=u| #?w F^ 5NXk Xm0k j| 0k zz B' MtRNS JFIF C office of water (4608t) epa 817-r-08-005 september 2008, Simple Tabletop Exercise Objectives: - . Large numbers of injured are presenting to the hospital for care and many who are not injured seek shelter and reassurance from medical providers. . Chemicals and Hazardous Materials Incidents, Emergency Planning Exercises for Your Organization, Homeland Security Exercise, and Evaluation Program, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities, Obtain participant feedback and recommendations for, Increase awareness and understanding of hazards and the potential, Assess the capabilities of existing resources and identify needed, Walkthroughs, workshops or orientation seminars. Overview & Scope This presentation provides a security overview Why run a cyber tabletop exercise How to plan, design and write a cyber tabletop exercise Sample materials are provided Lessons learned . To keep things under control, and to keep . Use tab to navigate through the menu items. A facilitated hot wash discussion held at the end of an exercise is a great way to solicit feedback and identify suggestions for improvement. Members of the campus review and discuss the actions they would take in a particular emergency, testing their emergency plan in an informal, low-stress environment. [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! An incident response tabletop scenario is an exercise where security teams discuss, in a classroom-type setting, their roles in response to an emergency. Consider leveraging a modern emergency communication solution with event pages to simulate a communication exercise during the tabletop. Welcome and Introductions. ?jw /vV-`%^E\qDR^okp"-sL [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! Tabletop exercises with multiple objectives and scenarios and functional exercises may require contractor support, especially if your organization is new to exercises. Table Top Exercise June 16, 2010 University Police & Safety Office Jolean Pederson & Dustin Jensen . The duration of a tabletop exercise depends on the audience, the topic being exercised and the exercise objectives. ^.|Vn{at8Lq There are no hidden agendas or trick questions. . A full-scale exercise is as close to the real thing as possible. A TTX is discussion-based and not only helps participants familiarize themselves with the response process, but enables administrators to gauge the effectiveness of the organization's emergency . [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! A tabletop exercisesometimes abbreviated TTX or TTEis an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios. Identify probable scenarios for emergencies and business disruption. Tabletop exercises are discussion-based sessions where team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular emergency situation. hurricane scenario. [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! nK[!0WH'?[-h,t }|-14-8Q/SuZp ~a >~uJgcGP6kpcpL8da:&}y$}aH_c$H+AB&Hq The first question to ask yourself is whether a tabletop exercise is appropriate for your organization. 1. An after-action report that documents suggestions for improvement should be compiled following the exercise and copies should be distributed to management and others. Click the blue shield icon on the bottom left of your screen to edit your cookie preferences. Systems and process, not individuals, being exercised. Tabletop exercises. To lay down the scenario that is being played at the start of the exercise. Read stories from AlertMedia customers about keeping their people safe. Enhancing workplace preparedness with Table-Top Exercises (TTX) October 2019 SGSecure@Workplaces ulletin What is a Table-Top Exercise . When conducting tabletop exercises, a facilitators most important responsibility is to move the discussion forward and, if needed, engage participants who may hang back from expressing their thoughts. Sometimes the response team you put together for an exercise wont be available during an actual incident. However, they are always hypothetical and discussion-based activities, as opposed to other types of preparedness activities. "[ VSDvFDv:#'>=4X` J4hV15i $$Q6A!r[)C bBYdX m"{R!LpH5:(bz2`40-i^*o5UoQF7ux*t~Q=)XsJ6/oO.zA3Qn4,}zVi6Gm6/E^.7;4#7D6g\l>UH"W?{l This video will walk you through everything you need to know to run effective tabletop exercises. It should ~ T] ppt/slides/_rels/slide4.xml.relsj0ERJ,@i-R_AC],u5:sr3|aYAKVPqRN=%1EA'tU__-QCb|$b}Jh 2)C=4tAa-o)Lvm|rMGZpera1nP*+mGq}& eF`Sb3l}J-N-.~|Wo PK ! Ask discussion questions to spark conversation. ",#(7),01444'9=82. Tabletop ExerciseBomb Threat - Explosion Division for Law Enforcement, Homeland Security, and Institutional Research. Z Specificaddressing concrete questions and specifying action items, Measurableestablishing metrics for success up front, Achievable by the participants in the time allotted, Relevant to the mission of the organization, Time-bound within a reasonable timeframe established in advance, Controlling the pace and flow of the exercise, Stimulating discussion and drawing answers and solutions from the group (rather than supplying them). Most are led by a facilitator who guides the conversation and captures lessons learned. hX]o+|*@I(umt|PdfIwIVbQyf8gx(JLpE0n ep5S[1#igh&D\qyNKePh8Dq1TEK@p3 V DE@JDv #2>=LA%qd"XcG @tc=g"zo0kGIfRxD9LjA Fire & police crews will not be available until winds are below 40 mph. `b! " Virtual Tabletop Exercise (VTTX) Tornado Scenario. And The Continuity Advisor has a helpful template that you can use to create after-action reports once the exercise is done. The document you requested has been sent to your provided email address. It is a lengthy exercise which takes place on location using, as much as possible, the equipment and personnel that would be called upon in a real event. endstream endobj 7899 0 obj <>stream local, WARN Tabletop Exercise - . Scenario Event 2 There are constant requests for help from patients, visitors, and staff throughout the facility. ppt/slides/_rels/slide17.xml.relsJ0FP "bTpind8\2_nwd>]SY+ :l/mxuELh%jgIL4("Sl08@#sl\01c;bO.,V ]|/"kKz5)Q{T1@E@KR4 Don't fight the scenario; the scenario has been developed to This can be a stand-alone scenario or used as a curveball during ransomware, since this type of incident can happen alone . These resources were produced with input, advice, and assistance from the exercise planning team, which followed the guidance set forth through FEMA HSEEP. evaluate cyber security protocols and procedures consider to what degree. To guide the Fire Safety Committee members and other participants in deliberating and co-ordinating on . Because the environment of a tabletop exercise is non-threatening, exercise participants can calmly rehearse their roles, ask questions, and troubleshoot problem areas. |t!9rL'~20(H[s=D[:b4(uHL'ebK9U!ZW{h^MhwuV};GoYDS7t}N!3yCaFr3 PK ! Scenario Event 3 Patient surge is beginning to overload available resources. m_{fhzOO%$7hcP|. For instance, participants in a tabletop exercise might have the goal of figuring out how to restore your organization's databases as quickly as possible in the wake of a disaster. %%EOF Z Several of them fit into these two categories, which are perhaps the most common types of cybersecurity tabletop exercises: Incident response tabletop exercise. They wont strain resources and reveal unexpected challenges to the extent that an actual event or rehearsal would. Tabletop ExerciseBomb Threat - Explosion Division for Law Enforcement, Homeland Security, and Institutional Research. Create stunning presentation online in just 3 steps. Please complete the form below to receive this resource. The objective of the tabletop exercise is to strengthen the overall response plan and review associated response procedures through guided discussion of one or more emergency scenarios. We recommend using a mass notification system from a provider such as AlertMedia to reach employees on any device through various channels. There are different types of exercises that can be used to evaluate program plans, procedures and capabilities. [exercise location] [exercise date]. Review the risk assessment and program performance objectives. Many tabletop exercises can be conducted in a few hours, so they are cost-effective tools to validate plans and capabilities. Review roles and responsibilities and ensure everyone is familiar with incident management. Much as we would like to plan and control everything in advance, cybersecurity is a largely reactive process. (Accessed 1/7/2020.) 0 E.g. Fire Evacuation Tornado Event Chemical/Hazmat Spill Active Shooter Scenario 1 It is August in Fargo, ND and most students are on summer break from the NDSU campus. A NContracts has a good guide on running an effective tabletop business continuity planning exercise, which includes understanding your dependencies on specific vendors and potentially looping them into any damage control scenarios. GUIDE TO TEST, TRAINING, AND EXERCISE PROGRAMS FOR IT PLANS AND CAPABILITIES Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's Foodborne Terrorism Tabletop Exercise - Schedule. Scenario Event 1 Several hospital rooms and offices are damaged. Workplace and residential fires are some of the most common causes of injury and death, but you can nail down your fire evacuation plan with thoughtful exercise planning. Follow the steps in this guide to conduct exercises that test your team's emergency response procedures. Tabletop exercises can also help ensure that critical equipment and tools work as intended and all responsible parties know what to do when a critical event occurs. [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! evaluate chemical and communication alternatives determine interdependencies, Facilitating a Tabletop Exercise - . Today's Tabletop. september 17, 2008 wolf lodge. Exercises should be designed to engage team members and get them working together to manage the response to a hypothetical incident. The table-top exercise is intended to assist the owners/management and Fire Safety Managers (FSMs) of buildings to address the needs of their buildings and . Go to Download. Cyberattack. These are typically activities meant to test a specific procedure or set of desired actions under a safety officer or other personnels direct supervision. Tabletops: Identify roles and responsibilities in different scenarios (1-4 hours to do, 1+ month to plan). Scenario Event 5 Main entrance door is broken and the lock is jammed. PPT Fashion Flat Business General Report Template. Z This sample table -top exercise and guide is based on similar exercises used by North Carolina health care facilities to prepare for responding to natural disasters and other emergencies. Conducting a Tabletop Exercise scenario can help train staff, raise their levels of awareness of the business continuity plan and verify their capabilities to communicate, respond and recover from various events. Get this guide to learn how to choose the best emergency communication solution for your business. IN THE EVENT OF A FIRE A member of staff will activate the fire alarm. [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! Nov 11, 2020. endobj The Emergency Management Assistance Compact (EMAC) Tabletop Exercise (TTX)-Fire Service and Technical Rescue Discipline is sponsored by the National Emergency Management Association (NEMA), with input, advice, and assistance from the EMAC TTX exercise planning team (comprising representatives of the International Association of Fire Chiefs (IAFC)). [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! Tabletop exercises are used to prepare for all sorts of crises, but cybersecurity and disaster recovery are common areas of focus. Scenario Event 6 Main water supply to the hospital is interrupted. 7 Types of Exercises Orientation Meetings: Inform about emergency operations plans an emergency procedures (1-2 hours to do, 2+ days to plan). [logo here]. (U}HOVW4[>[_uosrNF'xNpNpNpNHHHHHHHH9s|;9s|;vq({k>DmmckFPC~*4Gg? %PDF-1.6 % Form a Fire Safety Committee to plan and conduct fire safety programmes including fire evacuation drills and table-top exercises. (PDF) (PPT) Exercise Improvement Matrix. Tabletop exercises can help prepare your company for big emergencies on a small budget and be modified to fit any scenario. Calls to 9-1-1 change from a fire in the mall to shots fired with people down. Cybercrime is a pandemic with repercussions that could drive . Image 20042012 ~Aideon Moderate to major damage is reported for two hundred square miles. Tabletop exercises are an extremely cost-effective way to validate plans and capabilities, and it can help identify vulnerabilities and threats before they become a reality. practice decision-making in the absence of critical information consider the, Active Shooter Tabletop Exercise - . <> If its not evident already, we strongly recommend tabletop exercises and believe thatwhen used effectivelythey can dramatically improve any organizations emergency preparedness and response plans. egin the exercise by reading out the main points of the scenarios presented earlier. 9:00 introduction 9:00 ? Facilitators should control the pace and flow of the exercise. Evaluators are also often involved in developing an after-action report, which details lessons learned and recommendations for future planning, training, and exercises. 125 0 obj <>stream PowerPoint Presentation Author: ICFI Last . 2 0 obj 114 0 obj <>/Filter/FlateDecode/ID[<10D4A91D086C524C8AE674F19C62C00A>]/Index[97 29]/Info 96 0 R/Length 89/Prev 162472/Root 98 0 R/Size 126/Type/XRef/W[1 2 1]>>stream One important thing to keep in mind, as the State of Massachusetts's own emergency preparedness division points out, is that tabletop exercises are not meant to be a test or a competition. February 23, 24 and 25, 2016. . You may have participated in a full-scale exercise while serving in the military, in a government job, or as an employee at a healthcare organization. Contact local emergency management officials to determine if there is an opportunity to participate in a full-scale exercise within your community. Z (n.d.). Follow the steps included in this template to conduct simulated exercises that test your organizations emergency response procedures. This will help them plan, practice and identify gaps in contingency plans for various scenarios. With this type of exercise, the more real the experience can be for participants, the better. moderation, Simple Tabletop Exercise Objectives: - . Of course, youll also need to document your processes for reporting emergencies, unplanned business disruptions, and other critical events. ", a take on tabletop exercises from Bruce Potter that combines a traditional cybersecurity approach with elements from tabletop role-playing games like Dungeons and Dragons. Prepare the ERP in accordance with the guidelines issued by SCDF. m ! Main water and power services are disrupted, but emergency power from the generators is functioning. V0005. Read actionable insights, trends, and advice from our community of experts. In particular, junior staffers need to be given space to comment in front of management, so try to include everyone on an equal footing. Often, these exercises can be completed in a few hours; however, it is common for government agencies and large organizations to dedicate multiple days every quarter to testing response plans for large-scale scenarios. (Doc) 4300 Cherry Creek Drive South Denver, CO 80246. [insert logo here]. The Exercise Guide upon which this sample is based was produced with input, advice, and assistance from a local planning team that followed guidance set Ahead of full-scale exercises, local businesses, law enforcement agencies, and news organizations are typically notified and often given roles to play as well. Fire drill procedure 1. XK ppt/slides/_rels/slide3.xml.relsN0EH=vBIF$l4+$RXd;gbVV}4g%hj+iK{$D05X]W7TP$QL(ij:4^CLOru-"n2h5c(kJvmmhK$|; `wdtHEibI]c#}J/|Ip\$sf7KInkQHL{> PK ! hVMo1q)S{B*rC]! 2P1,j3tB7z|6vNGMf^}gGmEi+x:9mL|z!T/#8GfSqZg_g!2Q8:crL,nUj I(#8C'$6Y.eao'mrM.^$wSXx#(xnX"n*,~~GWg/azRvI]#| zZuJ!rW#_Le[)a=)n0I&%Gx#^HY-6U?d>]I|_LPk)"E{rE6uvk?|{s0I>EEE oi7VUUUU[3V,jT%Yul\81dcCC#C]VVc./I^CU#UGt [y n:kl:Q$1nH*kmF}N!VvUNf9W(L3dx8K:nJn;C5f|I PK ! 8:00 ? endstream endobj startxref Ever thought you had better things to do with your time? Well, such exercises are conducted to prepare us so that we can take better care of each other in times of crisis. Tabletop exercises are not limited to the cybersecurity realm; any organization that has to confront potential crises and disasters can benefit from playing one out. LockA locked padlock While there are plenty of ways to test the technical aspects of your cyberdefenses, a tabletop exercise tests the human and organizational factors that are just as important for cybersecurity. 2) This is meant to be a plausible scenario with events occurring as presented. AJ_}0 PowerPoint Presentation Author: . Now that you know what tabletop exercises are and why theyre useful, heres a quick rundown on how to go about actually performing one: Determine the scenario your exercise is dealing with, identify your participants and their roles, and create an outline of your teams plan that youll put to use in the session. No fault learning exercise - no right or wrong answers. Scenario Event 8 The shipment of vital supplies to the hospital is interrupted. Three sample tabletop exercise scenarios. hb```f``rd`a``Kbd@ AV da8` hP; AQGF[7Jf\38ZAOnN3^xM;X#X3u/}F"B^>dQWCOwr\ AX1R4ZVd/o,MAR@ d0fCP * Pz@EAd1H6&i/"aCGrn5ui%gT !m\H3q;00MU b Tips for facilitators: Focus on drawing out solutions from the group. Exercises enhance knowledge of plans, allow members to improve their own performance and identify opportunities to improve capabilities to respond to real events. PPT Business Gradient Style Colorful Report Template. A Fire at a FACHC Site Tabletop Exercise. WQ,5k=LP|YIuV;Bn7;EL0!8N>:G'":l!*"/,2k#/,:.PK"wWCdQC+. GF Y ppt/_rels/presentation.xml.rels ( n0-MN.k $vy ]9EcG16a(8FE As he went through the list of departments in the company, it became obvious that everyone had some role in preventing or responding to a ransomware attack. Exercise Conduct. For example, if a stairwells small size would hinder an evacuation, this might be overlooked in a simple tabletop exercise. Simple Tabletop Exercise Objectives: - . Larry started by making a list of participants. hVYo1+~LTQJ$(KJ d=I(H Every organization needs a workplace violence prevention plan, and a tabletop exercise can help you determine your readiness. m ! The National Association of Regulatory Utility Commissioners, a group that knows a little bit about the necessity of being prepared for a crisis, suggests the objectives be SMART, by which they mean: There are plenty of consultants who will be happy to lead a tabletop exercise at your organization; however, due to these exercises' informal nature, more often than not they're led by internal staff, and you almost certainly have someone who would do a fine job of leading a tabletop exercise using a guide and some solid examples. . These drills and demonstrations fall under the Emergency Response Plan (ERP)the updated plan that combines and covers the response measures for various kinds of fire and fire-related incidents in buildings. .8mo;(wkj}TheHf)$\"t3/6&LgOhKGZJEd!SFNd,a]\ Y-dV'P^h)34t\JAg^E4`J1NCJJ 1+j9m|V=5. Walkthroughs, workshops and orientation seminars are basic training for team members. But the overall objective of conducting the exercise is to stress-test the organization's disaster recovery plan and see if teams know how to best work together in the face of unexpected problems. While relatively rare, the sad reality is that instances of workplace violence, from the healthcare industry to retail, are becoming more common. Structure fires. Review and update the ERP annually. Chemical, Biological, Radiological, and Explosive (CBRE) Crisis Management. Closing Gaps - Designate a person to take notes of related action items to be assigned to specific individuals. APPLAUSE. Definition (s): A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. Copyright 2023 IDG Communications, Inc. CSO provides news, analysis and research on security and risk management, Tabletop exercise scenarios: 3 real-world examples, Sponsored item title goes here as designed, Security Simulations: This Is Only A Test, emergency preparedness division points out, outlines a process for planning a tabletop exercise, a great facilitator guide for tabletop exercises, scenarios that can put your cybersecurity team through the paces, performing an incident response tabletop exercise, running an effective tabletop business continuity planning exercise, The 10 most powerful cybersecurity companies, 7 hot cybersecurity trends (and 2 going cold), The Apache Log4j vulnerabilities: A timeline, Using the NIST Cybersecurity Framework to address organizational risk, 11 penetration testing tools the pros use. Play your normal role. rules of, Simple Tabletop Exercise Objectives: - . View Fire Safety Mock Drill PPTs online, safely and virus-free! Creating an effective tabletop training exercise for pre-planning MCI response. Cyber Tabletop Exercises& Lessons Learned David Dumas, CISSP, CISM [email protected] ISSA New England Chapter Board Member ISSA Distinguished Fellow February 18, 2014. For example, a tabletop exercise for cyberthreats will be very different from one meant to test hurricane response tactics. Exercises have 3 main purposes: to validate plans (validation) to develop staff competencies and give them . Tips for participants: Perhaps you think another scenario would be a better choice or feel your role is less vital to the discussion than others in the room. Once youve put your plan to the test, look back on what went well, what went wrong, and what youd like to change for next time. It's only worth starting the process if you already have some form of response plan in place for the scenario you'll be running through. Hopefully our description so far has brought home the reasons why an organization would conduct one. Tabletop exercises are also beloved by those tasked with preparing for natural or human-made disasters, and business continuity falls into the overlap between that role and cybersecurity. Two-way messaging ensures employers can stay in touch with employees and that employees can share their own information with safety leaders. (Me7~a242D@HlgR4F"){BF@k![([x;ouqkf_kO61{w-[vxOO)3xi$ ` ]) But one tried-and-true method for mitigating the unknown is the tabletop exercise. ) or https:// means youve safely connected to the .gov website. Subscribe to The Signal by AlertMedia to get updated when we publish new content and receive actionable insights on whats working right now in emergency preparedness. 8:30mingling over breakfast 8:30 ? Tabletop exercise scenarios for business continuity. A fire in your business can be debilitating, and a fire evacuation plan is effective only when employees know what they need to do. Official websites use .gov Tabletop exercises are great for testing plans, but if everyone involved is just improvising, that can't tell you much. Create an interactive, no-fault space, encouraging people ask questions and make mistakes. Direct questions for missing or outside entities to controllers. An official website of the United States government. Of course, not every method is perfect. Participants should be willing to jump into the conversation as needed. First aid. Exercises should be designed to engage team members and get them working together to . Imagine what would happen if this particular emergency/incident occurred in real life. The exercise tests multiple aspects of an organization's operational and communication plans. Tabletop Exercises vs. Drills. Get a Quote; Alert & Declare 877-364-9393; Footer menu. Z 2023 Alert Media, Inc. All Rights Reserved. Creativity/Group Problem SolvingUse the knowledge and information available in the roomActive ThinkingActive Listening Active . Major Earthquake. are designed to help our private sector en their emergency response plans and management table. Z While there's no one right way to conduct a tabletop exercise, there are some important tips that will help you make the most of your tabletop exercises. Call or email us today to arrange for a Fire Drill and Demonstration Exercise at your building premises! Prepare an after-action report that includes documentation of the exercise along with areas of potential improvement. A lock ( Pre-Tabletop Exercise Overview Participants should be well versed in local and state plans, policies, and procedures prior to the exercise. To put it bluntly, what are you hoping to get out of running a tabletop exercise for your organization? Ask stakeholders questions to encourage deeper thinking about potential issues that might arise. There's a free kit you can download to get started. It begins by laying out the big-picture responsibilities of the facilitator: The guide also provides tips on involving all participants and controlling and sustaining the action. A phishing attack exposes a zero-day vulnerability. Professionals use it as it is easy to create and free to download. FIRE DRILL PROCEDUR E 2. As mentioned above, tabletop exercises (also commonly referred to as a TTX) are coordinated discussions for team members to review their roles during an emergency and how they might react in various scenarios.