Tabletop Exercise in a Box

Last updated on December 9, 2025

Description

Tabletop in a Box (TTX) is a tool designed to simulate cyber threat scenarios and assess your organization's readiness and resilience against cyberattacks. Through immersive, hands-on practice, a TTX evaluates your organization's cyber resilience and identifies areas for improvement.

This TTX guides key staff and incident responders through structured scenario events and questions, helping to pinpoint current cybersecurity risks and develop actionable solutions for your organization.

A designated facilitator will lead the session, ensuring exercises are conducted effectively and findings are documented. Sessions should be held in a dedicated meeting space, aligned with regular business practices. These exercises are primarily discussion-based and will not impact any network or IT systems.

This TTX exercise focuses on a ransomware attack scenario, one of the most prevalent and damaging cyber threats facing organizations today. By simulating a real-world incident, the exercise allows participants to practice critical decision-making under pressure, validate incident response plans, and improve coordination across technical, business, and leadership teams.

Outcomes

A TTX is one of the most cost-effective ways an organization can test its ability to respond to cyber incidents. By running a TTX, you will:

Establish how effective your current defence and response mechanisms are.
Test and check your existing policies and procedures.
Improve staff internal relationships and skills, specifically their ability to deal with a cyber attack.
Identify areas for further improvement.

Time Commitment

Each exercise could take approximately 90 to 120 minutes to complete.

Who Should Participate?

Recommended participants include:

Senior leader(s) such as CFOs and Risk leaders, emergency or crisis executive committee – Individuals who can make important business and IT decisions and have knowledge of business continuity plans.

IT, Helpdesk or System Support Staff – Individuals with technical knowledge of your IT systems and cyber defense activities across your IT organization.

Incident Response Team Members – This may include IT leadership, HR, Communications, Privacy and Legal representatives.

Optional attendees:

Media/Comms Representative.

Policy Advisor (HR, Business Continuity, etc.).

Scribe (to document key insights).

Resources

TTX Toolkit
To get started, download the TTX Toolkit, which includes: Facilitator's Guide, Participant's Guide, Sample TTX Exercise.

Incident Response Services
A formal incident response plan assists an organization in planning for a cyber event by identifying general roles, responsibilities, communications, actions and responses ahead of an actual cyber-event.

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics