Level 1: Onsite
Simulated Technology Failure
MISSION OBJECTIVE:
Each group to resolve assigned IT incident response scenario(s) within assigned time frame.
MINIMUM DELIVERABLES:
- Identify SEV or P level for the incident.
- Create a list of SMEs, vendors, executives, etc. that would be dispatched to the incident.
- Draw an org chart depicting all the incident responders identified above.
- Draft an overall Mission Objective for the response.
- Draft a CAN report for the primary resolution plan and Plan B.
- Identify any unique aspects or challenges of the response that may pose a challenge to the resolution effort.
- List the cadence and potential audiences for any briefings that need to occur outside the resolution effort.
- LNO delivers the scenario briefing in the main session at the conclusion of the exercise.
- LNO may be called back to the main session to update UC. There may also be other injects to the exercise by Blackrock 3 staff.
Breakout Room
Incident Commander (IC)
- Appoint key positions.
- Brief team with a CAN report.
- Delegate and set time contracts.
- Drive the discussion toward resolution plans A & contingency plan B, integrating information from team members.
- Watch the time!
Liaison Officer (LNO)
- Keep your own notes of key actions, decisions and benchmarks
- Deliver briefings when directed.
Main Room
Deliver an IMS briefing related to the incident.
Scribe
- Capture details and key events, documenting the incident.
- Screen share your document throughout the exercise.
SCRIBE DOCUMENT:
Main Room
Screen share your Scribe document when asked. Then, submit using the form below.
SMEs
- Confirm tasks received
- Report back to the IC on the tasks you are assigned.
- Make up any missing details. You do NOT need to access real life data sources.
- Support the incident resolution effort.