Incident Management Training for IT Operations

Level 2: Sprint 5

Simulated Technology Failure, Small Group

Each group will resolve its assigned IT incident response scenario(s) within the assigned timeframe. Unified Command (UC) will be simulated by Blackrock 3 or other designees. Each group will function under an Incident Leader (IL).

Incident Commander: Drive the discussion and delegate tasks.
LNO: Provide briefings as directed.
Scribe: Capture details and key events of the discussion and deliverables. Share at the end of the briefing.


  • The Incident Commander briefs the group on a written description of a past, present or potential IT incident response scenario. The problem statement will be provided by Blackrock 3.
  • Once each group has received the scenario and briefing, the IC drives a discussion toward resolution of the scenario. There must be a primary resolution plan and a contingency resolution plan (Plan B).
  • The incident should be documented using one of the spreadsheet templates provided below, and submitted at the end of the exercise.


  • Identify SEV or P level for the incident.
  • Create a list of SMEs, vendors, executives, etc. that would be dispatched to the incident.
  • Draw an org chart depicting all the incident responders identified above.
  • Draft an overall Mission Objective for the response.
  • Draft a CAN report for the primary resolution plan and Plan B.
  • Identify any unique aspects of the response that may pose a challenge to the resolution effort.
  • List the cadence and potential audiences for any briefings that need to occur outside the resolution effort.
  • The LNO delivers the scenario briefing in the main session at the conclusion of the exercise.
  • The LNO may be called back to the main session to update UC. There may also be other injects to the exercise by Blackrock 3 staff.