Top News in Cyber Defence

Cyber Resiliency: Building Strength Through Tabletop Exercises

Part III: How to Develop and Deliver Successful TTX

By: Kevin Sandschafer, COO & VP Cyber Risk and Assurance

Tabletop Exercises are regular, repeated activities that any business can and should incorporate into its operational resiliency plans and processes. In the first blog in this series, we considered how effective and efficient incident response is supported by leveraging TTX on a regular basis. In Part II we assembled the building blocks of TTX that should be in place within your organization to optimize the benefits of the exercise. These building blocks are Assign an Executive Champion, Define Objectives, Acquire Funding & Assign Resources, and Develop A Roadmap.


Today, we’ll continue to examine how to develop and deliver a TTX that works for your organization. There are five steps in the execution process, beginning with Identify and Design:

Identify: Business risk, Industry threats, Vulnerabilities, Stakeholders


Design: Relevant scenarios, event logistics, Rules of engagement, Risk controls


Let’s discuss the next three.


Having prepared in advance for executing your tabletop exercise – roles are defined, logistics are managed, and your people are primed for the activity – you’re now ready to conduct the TTX. With White Tuque as your TTX partner, we will design a Facilitator Guide to aid in conducting the exercise. This Guide is based on the risks your business faces, the threat landscape for your industry, and your specific objectives for organizational resilience and growth.

Our TTX specialist will take your people through the steps of responding to a cyber incident, capturing observations throughout the activity. Following the conclusion of the exercise, a group debrief will optimize your ability to respond to the results and conclusions of the TTX. Ensuring that participants are able to reflect and give feedback on the experience strengthens the relevancy of the activity for your team, and will inform how you design, develop, and deliver your TTX in the future.


Evaluation can be an intimidating step, but it doesn’t need to be. Conducting your TTX is not the pinnacle of the activity, but rather simply the middle of the sandwich. Once concluded, it is important to review the observations from the TTX and feedback discussed in the debrief and capture the strengths and weaknesses of your people, process, and technology based on the findings from the day. White Tuque takes a thorough review of the data points and qualitative information and will work with you to finalize an After-Action Report (AAR) containing recommendations that you can implement with your team.


Enhance the resiliency of your business by acting on your AAR. Assign ownership to any highlighted issues and set realistic timelines to address the areas of concern, with status updates built into your plan of attack. White Tuque knows that your primary focus is the business you operate, and that cybersecurity can’t always be in the spotlight. We will work with you to outline targets for completion that make sense and include approximate budgets for both human and financial resources for any solutions you choose to adopt. With an overall goal of continuous improvement in mind, augmenting the noted strengths and working towards fortifying areas of concern, your business can function and flourish in the face of cyber threats.

The Wrap-Up

Tabletop Exercises are collaborative, interactive, engaging ways to improve the resiliency of your business. They are a dynamic activity that addresses the many moving parts of your business, including your people, process, and technology. The benefits to your business include opportunities for education, training, and risk awareness through accountability and evaluation. They help you protect your critical infrastructure and prevent operational outages, mitigating financial loss, reputational damage, and disruption to doing business.

Every organization can benefit from adopting TTX into its operational resiliency plans. If you’re ready to empower your people to take action during a time of crisis, reach out to White Tuque today! You can get in touch with me at [email protected].

Connect with us on LinkedIn!

Would you like more information on this topic?

Revealing the Power of Cyber Asset Management

In the fast-paced digital era where organizations heavily rely on technology, managing cyber assets has become a critical aspect of ensuring a secure and resilient digital landscape. Cyber Asset Management (CAM) plays a pivotal role

White Tuque Newsletter | February 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News Verizon insider data breach hits over 63,000 employees Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.

Work With Us.