Level 2: Sprint 5
Simulated Technology Failure, Small Group
Each group to resolve assigned IT incident response scenario(s) within assigned timeframe. Unified Command (UC) will be simulated by Blackrock 3 or other designees. Each group will function under an Incident Leader (IL).
Incident Commander: Drive the discussion and delegate tasks.
LNO: Provide briefings as directed.
Scribe: Capture details and key events of the discussion and deliverables. Share at the end of the briefing.
- Incident Commander briefs group on written description of a past, present or potential IT incident response scenario. Problem statement to be provided by Blackrock 3.
- Once each group has received the scenario and briefing, the IC drives a discussion toward resolution of the scenario. There must be a primary resolution plan and a contingency resolution plan (Plan B).
- The incident should be documented using one of the spreadsheet templates provided below, and submitted at the end of the exercise.
- Identify SEV or P level for the incident.
- Create a list of SMEs, vendors, executives, etc. that would be dispatched to the incident.
- Draw an org chart depicting all the incident responders identified above.
- Draft an overall Mission Objective for the response.
- Draft a CAN report for the primary resolution plan and Plan B.
- Identify any unique aspects or challenges of the response that may pose a challenge to the resolution effort.
- List the cadence and potential audiences for any briefings that need to occur outside the resolution effort.
- The LNO delivers the scenario briefing in the main session at the conclusion of the exercise.
- The LNO may be called back to the main session to update UC. There may also be other injects to the exercise by Blackrock 3 staff.