TabletopExercise — Interactive Incident Tabletop
6 incident-tabletop scenarios (ransomware encrypts customer DB; region-wide AWS outage; sub-processor breach disclosure; supply-chain compromise via npm; insider threat exfiltration; AI model jailbreak). Walk through 5 phases per scenario (detect → triage → contain → disclose → recover); pick decisions; see canonical answer + framework-grounded rationale.
What it is
The cross-functional companion to IncidentSeveritySim. Where IncidentSeveritySim trains classification (1-line-incident → SEV-N), TabletopExercise trains the multi-team response: who pages who, what does Legal do, when do you tell customers.
What’s in it
- 6 scenarios × 5 phases × 3-choice decision = 90 decision points
- Scenarios: ransomware on customer DB; region AWS outage; sub-processor breach (1,840 customers’ IDs+selfies); npm supply-chain compromise; insider threat (engineer on PIP exfiltrating customer table); AI model jailbreak going viral
- Per phase: question + 3 choices + canonical-answer rationale grounded in NIST SP 800-61 / OFAC guidance / GDPR Art 33 + 34 / SEC Cyber Disclosure Rule
- Live scoreboard: correct / wrong / total
Why this shape
SOC2 CC7.5 + ISO 22301 §8.5 + NIST SP 800-61 Rev 2 all require regular tabletop exercises. CISA’s Tabletop Exercise Packages provide the canonical scenarios. The hard finding most tabletop exercises produce: cross-functional misalignment on disclosure timing.
How it ships
Single HTML file, ~15KB. Zero dependencies + zero persistence. 6 scenarios × 5 phases × 3 choices + decision-feedback engine in 130 lines of vanilla JavaScript.