Security Incident Response Tabletop Exercise Resource Center
Helping higher ed IT leaders prepare for the next security incident
This resource center will help your institution prepare for short-term security incidents that require significant mobilization of IT staff and resources.
When a security incident strikes campus, IT leaders must be able to mobilize staffing and resources in an efficient manner across teams and departments to ensure an effective response. City and state governments, public health agencies, and the military rehearse security incident response procedures using tabletop exercises. Tabletop exercises are team-based simulation activities that allow leaders to practice staff and resource mobilization in response to a short-term incident. EAB’s Security Incident Response Tabletop Exercise Resource Center includes tools and prompts specifically designed for college and university IT leaders to help them navigate campus crises.
The resource center includes a facilitation guide, editable PowerPoint presentation, and an after-action report template, which together provide start-to-finish guidance for IT teams.
Interested in the tabletop exercise? Contact your Strategic Leader or [email protected] to have one of our senior experts facilitate the tabletop exercise for your institution.
Leading a Tabletop Exercise: Guide for Facilitators and Observers
This guide provides detailed instructions to facilitators and observers on how to conduct security incident response tabletop exercises, including sample questions, timing recommendations, and issues to look out for.
Emergency Response Tabletop Exercise Deck
This PowerPoint presentation should be used during the exercise, and provides participants with an introduction to tabletop exercises, an agenda, ground rules, and the incident response prompt and scenarios that they will be responding to. The deck can be modified by facilitators to fit team needs.
After-Action Report
This guide includes debriefing questions and a template so leaders can complete an after-action report, following the tabletop exercise. This report documents strengths and weaknesses of the team’s approach, identifies vulnerabilities in current protocol, and lays out concrete next steps to improve future incident response.