Tabletop exercise
Definition
A structured, discussion-based simulation in which team members walk through a hypothetical incident using the playbook as a guide, without touching live systems. Used to test playbook logic, identify gaps, and build team familiarity.
Related terms
- Decision gate
- A checkpoint within a playbook at which the responder must evaluate a condition, such as whether data exfiltration has been confirmed, and...
- Indicators of compromise (IoCs)
- Artefacts observed on a network or system that suggest an intrusion or malicious activity has occurred, such as unusual outbound connections, known-malicious...
- Playbook
- A documented step-by-step procedure for responding to a specific type of security event. Playbooks standardise analyst behaviour, reduce response time, and ensure...
- Runbook
- A technical execution document, sometimes used interchangeably with playbook but more precisely refers to the low-level commands and scripts used during a...
- SOAR
- Security Orchestration, Automation and Response. A platform that can execute playbook steps automatically, such as blocking an IP address or disabling a...
Explained in
- Developing and Using Incident Response PlaybooksA structured, discussion-based simulation in which team members walk through a hypothetical incident using the playbook as a guide, without touching live syste...