Tabletop Exercise Script for Incident Response Plan

Produces a ready-to-execute tabletop exercise that tests an organization's IR Plan against realistic cyber threats and regulatory notification deadlines.

Prerequisites

1. IR Plan — current incident response plan, escalation hierarchy, severity classification framework
2. Regulatory profile — applicable frameworks and notification deadlines
3. Org context — industry sector, data holdings (PII, PHI, PCI, IP), crisis roles, prior after-action reports
4. Participant list — attendees with titles and IR Plan roles

Quick Start

1. Extract key elements from provided materials (deadlines, escalation paths, data types, prior gaps)
2. Select threat scenario matched to org risk profile
3. Assign participants to functional groups with role cards
4. Design 4–5 progressive injects testing IR phases and notification triggers
5. Draft facilitation guide with ground rules and timing
6. Build debrief agenda and after-action report framework