Tabletop Exercise - July 2016

Scenario:

The browser deployed on all workstations in your organization has a significant zero-day vulnerability that is being actively exploited. You have already identified 10 workstations that are compromised as a result of this exploit, and the help desk call volume due to this problem continues to increase abnormally.

There is currently no vendor patch or vendor workaround. A patch is anticipated to be issued in one week.

Items to discuss:

  • What steps will you take to address the problem?
  • Who do you need to notify?
  • How will you determine if any sensitive data has been lost?
  • What impact will the exploit have on your agency and its operations?
  • Who is in charge?
  • What actions will you take post-event?

Items to report:

  • Did communications flow as expected? If not, why?
  • Were processes and procedures followed?
  • Were there any surprises?
  • How well did the exercise work for your organization?