Course Overview
This practical, two-day training course teaches companies how to plan, conduct, and evaluate tabletop exercises (TTX) in accordance with DORA and NIS2.
Participants will learn how to apply regulatory requirements to realistic crisis scenarios, practice decision-making under pressure, and measurably improve organizational resilience.
A particular focus is placed on realistic simulations in which participants actively take on roles and make decisions.
Who should attend
- CISO / Information Security Officer
- IT Managers and Security Officers
- BCM and Risk Manager
- Compliance and Audit Officers
- SOC employees
- Security Incident Manager
- Security consultants and IT service providers
Course Objectives
Upon completion of the training, participants will be able to:
- Translating DORA and NIS2 requirements into training concepts
- Planning and facilitating tabletop exercises in a structured manner
- develop realistic crisis scenarios (e.g., ransomware, third-party failure)
- To evaluate decision-making processes and responsiveness
- Identify vulnerabilities and develop countermeasures
- to establish a sustainable TTX program within the company
Course Content
Day 1 – Fundamentals & Design of Tabletop Exercises
Module 1: Regulatory Context (DORA & NIS2)
- Overview of Resilience Testing Requirements
- Incident Response & Crisis Management in a Regulatory Context
- Expectations of Regulators and Auditors
- Common vulnerabilities encountered in practice
Module 2: Fundamentals of Tabletop Exercises
- Distinction from penetration testing and red teaming
- Objectives and Benefits of TTX
- Roles and Responsibilities (Management, IT, Legal, Communications)
Module 3: Designing a TTX
- Development of realistic scenarios
- Building an Inject Structure (Escalation and Dynamics)
- Defining exercise objectives and KPIs
- Development of a training manual
Practical exercise
- Developing your own scenario in groups
Day 2 – Implementation, Evaluation, and Operationalization
Module 4: Conducting a Tabletop Exercise
- Live simulation of a realistic scenario (e.g., a ransomware attack involving a third-party outage)
- Role-based implementation (Management, IT, Communications)
- Facilitation techniques and managing the exercise
Module 5: Evaluation & Lessons Learned
- Structured debriefing (Hot Wash / Debriefing)
- Identification of vulnerabilities
- Assessment of Responsiveness
- Documentation of the results
Module 6: Mapping to DORA & NIS2
- Identification of Regulatory Gaps
- Prioritization of measures
- Preparing for Audits and Inspections
Module 7: Establishing a TTX Program
- Integration into ISMS and BCM
- Developing a regular exercise routine
- Definition of Key Performance Indicators
- Scaling within the company