MISSION OBJECTIVE:
Each group to resolve assigned IT incident response scenario(s) within assigned timeframe. Unified Command (UC) will be simulated by Blackrock 3 or other designees. Each group will function under an Incident Leader (IL).

ROLES:
Incident Leader: Drive the discussion and delegate tasks.
Person responsible for Communications: Provide briefings as directed.
Person responsible for Tactical Docuementation: Capture details and key events of the discussion and deliverables. Share at the end of the briefing.

EXERCISE PARAMETERS:

• Incident Leader briefs group on written description of a past, present or potential IT incident response scenario. Problem statement to be provided by Blackrock 3.
• Once each group has received the scenario and briefing, the Incident Leader drives a discussion about resolving the scenario. There must be a primary resolution plan and a contingency resolution plan (Plan B).
• The incident should be documented using the spreadsheet template provided below.
• The spreadsheet should be uploaded and submitted using form below.

MINIMUM DELIVERABLES:

• Identify SEV or P level for the incident.
• Create a list of SMEs, vendors, Executives, etc. that would be dispatched to the incident.
• Draw an org chart depicting all the incident responders identified above.
• Draft an overall Mission Objective for the response.
• Draft a CAN report for the primary resolution plan and Plan B.
• Identify any unique aspects or challenges of the response that may pose a challenge to the resolution effort.
• List the cadence and potential audiences for any briefings that need to occur outside the resolution effort.
• The person responsible for Communications delivers the scenario briefing in the main session at the conclusion of the exercise.
• The person responsible for Communications may be called back to the main session to update UC. There may also be other injects to the exercise by Blackrock 3 staff.