Level 2: Sprint 4
Simulated Technology Failure, Small Group
Each group to resolve assigned IT incident response scenario(s) within assigned timeframe. Unified Command (UC) will be simulated by Blackrock 3 or other designees. Each group will function under an Incident Leader (IL).
Incident Leader: Drive the discussion and delegate tasks.
Person responsible for Communications: Provide briefings as directed.
Person responsible for Tactical Docuementation: Capture details and key events of the discussion and deliverables. Share at the end of the briefing.
- Incident Leader briefs group on written description of a past, present or potential IT incident response scenario. Problem statement to be provided by Blackrock 3.
- Once each group has received the scenario and briefing, the Incident Leader drives a discussion about resolving the scenario. There must be a primary resolution plan and a contingency resolution plan (Plan B).
- The incident should be documented using the spreadsheet template provided below.
- The spreadsheet should be uploaded and submitted using form below.
- Identify SEV or P level for the incident.
- Create a list of SMEs, vendors, Executives, etc. that would be dispatched to the incident.
- Draw an org chart depicting all the incident responders identified above.
- Draft an overall Mission Objective for the response.
- Draft a CAN report for the primary resolution plan and Plan B.
- Identify any unique aspects or challenges of the response that may pose a challenge to the resolution effort.
- List the cadence and potential audiences for any briefings that need to occur outside the resolution effort.
- The person responsible for Communications delivers the scenario briefing in the main session at the conclusion of the exercise.
- The person responsible for Communications may be called back to the main session to update UC. There may also be other injects to the exercise by Blackrock 3 staff.
DOWNLOAD the template first, then EDIT directly in Excel or import into Google Sheets. When finished, upload the file using the form below.