As part of the Cyber Balkans project, the Cyber Tabletop Exercise Guidebook has been published to assist planning, organising and evaluating tabletop exercises (TTX) in the field of cyber.
The guidebook is written by Mitko Bogranoski, Monika Kachurova, Goce Stevanovski and Elena Trjajansovska as part of the Cyber Balkans project funded by the European Union and implemented by e-Governance Academy.
“We have seen tabletop exercises used well in the Western Balkans – but this guidebook gives an additional boost to knowledge-sharing,” commented Priit Vinkel, Senior Expert at the e-Governance Academy and governance component lead in the Cyber Balkans project. “It can be helpful both for practitioners who want to put together their TTX in cybersecurity or anyone who is looking to find a provider to execute the exercise with,” Vinkel added.
Tabletop exercises have been part of the capacity-building landscape for cybersecurity for years now. Their popularity is easy to see – they bring together different people and tackle real-life scenarios.
And while every tabletop exercise with its scenarios is tailored to the specific audience and issue, many general principles should be followed when putting together a TTX that are now systematically presented in the guidebook.
The guidebook is based on practical know-how and experiences in organising cybersecurity tabletop exercises.
The guidebook provides a comprehensive overview of the lifecycle of creating tabletop exercises, from planning and preparation to execution and evaluation. Additionally, the authors have included practical tips and common pitfalls that can be avoided.
For a successful TTX, designing the exercise around real threats and documenting in real time are crucial among other principles. For common pitfalls, the authors highlight, for example, the need for shifting the mindset from treating the TTX as a performance review to a mentality of “We succeed together by identifying and fixing what doesn’t work.”
To support anyone wanting to put together a tabletop exercise, a special cyber TTX planning worksheet and post-exercise evaluation checklist have also been included in the guidebook.
A Cybersecurity Tabletop Exercise (TTX) is a structured, discussion-based simulation that tests how an organisation would respond to a hypothetical cyber incident.
