Purpose: Practice! Quick test sections of cyber incident response plan in small groups to build familiarity with the plan and kinds of incidents that could occur. Participants: Scenarios involve various teams and stakeholders.
Prerequisites: Ranges from none to tested plan.
Expected Outcomes: Drill for tech team on low to medium severity incidents. Familiarization to line of business on medium to high severity incidents. General Staff training/familiarization? These scenarios can serve purposes from drilling with the tech team to building familiarity to incidents with line of business staff and leadership.
Length: 15-30 minutes
Template to use with your own 15 Minute Tabletops
| Scenario | Department Focus |
| A Call From the FBI | Technology |
| Account Compromise via Phishing | Technology |
| Email Account Compromise | Technology |
| User Reported Account Compromise | Technology |
| Payment Misdirect | Finance |
| District Data Found on Darkweb | Finance, Human Resources, Instruction, Technology |
| Internal Attack from VPN | Technology |
| Building Security System Compromise | Facilities, Technology |
| Publicly Facing Misconfigured Machine | Technology |
| CISA KEV Vulnerability | Technology |
| Password Reset Procedure | Technology |
| Boss Request for Cyber Posture Update | Administration, Business, Technology |
© 2026 MAISA/MiSecure. This work is licensed under CC BY 4.0.