Tabletop

NIS2 tabletop exercise blueprint

Practice decision-making under pressure before the real incident happens.

Scenario

Ransomware + supply-chain compromise affecting critical production systems.

Participants

• Incident manager (SOC/IT).
• Leadership representative.
• Legal/compliance owner.
• Communications or stakeholder liaison.

Exercise timeline

1. T+0 alert triage and impact framing.
2. T+30 containment decision and escalation.
3. T+90 external reporting strategy (24/72).
4. T+180 evidence package and board update.

Get tabletop template Run NIS2 test