Every CISA Tabletop Exercise Package, free to browse.

Objectives

• Examine the response capabilities of <Chemical Sector Organization> during a significant cyber incident.
• Assess information sharing, notification, and coordination processes during a cyber-physical convergence incident.
• Explore plans to recover critical systems.
• Identify areas of improvement in cyber incident response plans and overall organizational resilience during and following a significant cyber incident.

Modules

• Module 1 — 44 discussion questions
• Module 2 — 30 discussion questions

Objectives

• Assess organizational cyber resilience before, during, and following a cyber incident impacting a special event.
• Examine incident response plans, policies, and capabilities.
• Discuss the procedures for cyber incident information sharing and coordination.

Modules

• Module 1 — 38 discussion questions
• Module 2 – Day of the Special Event — 33 discussion questions

Objectives

• Discuss organizational resilience to threats and disruptions targeting the communications sector.
• Examine plans, policies, and procedures in response to a cyber incident.
• Assess internal/external communications processes.

Modules

• Module 1 — 26 discussion questions
• Module 2 — 27 discussion questions

Objectives

• Examine the response capabilities of <Critical Manufacturing Sector Organization> during a significant cyber incident.
• Assess information sharing, notification, and coordination processes during a cyber incident.
• Identify areas of improvement in cyber incident response plans and overall organizational resilience before, during, and following a significant cyber incident.

Modules

• Module 1 — 38 discussion questions
• Module 2 — 29 discussion questions

Objectives

• Examine the response capabilities of <organization> during a significant cyber incident.
• Examine plans, policies, and procedures in response to a cyber incident.
• Assess internal and external communications processes.

Modules

• Module 1 — 32 discussion questions
• Module 2 — 30 discussion questions

Objectives

• Discuss organizational resilience and response to threats targeting the defense industrial base (DIB) sector.
• Examine plans, policies, and procedures for responding to a cyber incident.
• Assess internal and external communications processes.

Modules

• Module 2
• Module 1 — 33 discussion questions
• Module 2 — 22 discussion questions

Objectives

• Discuss organizational resilience and response to threats targeting the energy sector.
• Examine plans, policies, and procedures in response to a cyber incident.
• Assess internal/external communications processes.

Modules

• Module 1 — 42 discussion questions
• Module 2 — 34 discussion questions

Objectives

• Assess the cyber resilience of <emergency services sector organization> before, during, and following a cyber incident impacting emergency services.
• Review plans, procedures, roles, responsibilities, and capabilities for responding to a cyber incident.
• Discuss coordination and collaboration across the <emergency services sector organization>.

Modules

• Module 1 — 30 discussion questions
• Module 2 — 29 discussion questions

Objectives

• Identify ways to enhance the cybersecurity resilience of your organization.
• Improve the decision-making process of senior leadership during a cyber incident.
• Examine the roles and responsibilities of senior leadership in response to a cyber incident.
• Discuss the reputational risks and impacts on business operations in the event of a cyber incident.

Modules

• Module 1 — 13 discussion questions
• Module 2 — 16 discussion questions

Objectives

• Examine <federal agency>’s ability to detect and respond to a DDoS attack.
• Discuss <federal agency>’s information sharing protocols with internal and external stakeholders/partners.
• Review <federal agency>’s reporting protocols to meet Federal Incident Notification Guidelines.
• Discuss <federal agency>’s plans to restore capabilities/services impacted by a cyber incident.

Modules

• Module 1 — 21 discussion questions
• Module 2 — 29 discussion questions

Objectives

• Discuss organizational resilience and response to cyber threats targeting the financial services sector.
• Identify areas for improvement within processes and plans in response to a cyber incident.
• Discuss internal and external communications plans and processes.

Modules

• Module 2
• Module 1 — 32 discussion questions
• Module 2 — 31 discussion questions

Objectives

• Assess the cyber resilience of <organization> before, during, and following a cyber incident.
• Examine plans, policies, and procedures in response to a cyber incident.
• Assess information sharing, notification, and coordination processes with partners during a cyber incident.

Modules

• Module 1 — 35 discussion questions
• Module 2 — 29 discussion questions

Objectives

• Assess the cyber resilience of <Organization> during and following a cyber incident impacting network connected medical devices.
• Evaluate the impacts of a cyber incident on patient care and operations.
• Improve IT and OT cybersecurity coordination to enhance the cybersecurity posture of <Organization>.
• Evaluate <Organization’s> ability to restore operations after disruptions from cyber intrusions.

Modules

• Module 1 — 38 discussion questions
• Module 2 — 33 discussion questions

Objectives

• Assess the resilience of <Organization> during and following a cyber incident impacting ICS.
• Improve IT and OT cybersecurity coordination to enhance organizational cybersecurity posture.
• Evaluate the ability to restore operations after disruptions from cyber intrusions.

Modules

• Module 2
• Module 1 — 37 discussion questions
• Module 2 — 30 discussion questions

Objectives

• Discuss organizational resilience and response to threats targeting the IT sector.
• Examine plans, policies, and procedures for responding to a cyber incident.
• Assess internal and external communications processes.

Modules

• Module 2
• Module 1 — 32 discussion questions
• Module 2 — 39 discussion questions

Objectives

• Evaluate <Organization’s> supply chain-oriented threats and the impact on organizational cyber resilience.
• Discuss <Organization’s> risk and vulnerabilities associated with malicious and unmalicious insider threats.
• Identify areas of improvement in cyber incident response plans and overall organizational resilience during and following a significant cyber incident.

Modules

• Module 1 — 22 discussion questions
• Module 2 — 31 discussion questions

Objectives

• Assess cybersecurity policies, procedures, and processes to manage cybersecurity risk.
• Evaluate the efficacy of organizational cybersecurity education and training.
• Discuss organizational resilience through risk management, back-up procedures, and recovery/restoration capabilities.

Modules

• Module 1 — 30 discussion questions
• Module 2 — 18 discussion questions

Objectives

• Examine <local government>’s preparedness to detect, respond to, and manage a cyber incident.
• Identify areas of improvement in cyber incident response plans.
• Explore internal and external information sharing processes during a cyber incident.
• Improve overall organizational cyber resilience.

Modules

• Module 1 — 35 discussion questions
• Module 2 — 31 discussion questions

Objectives

• Assess the resilience of <Organization> during and following a cyber incident impacting the maritime sub-sector.
• Evaluate <Organization’s> ability to continue operations during and after a cyberattack.
• Identify areas for improvement in cyber incident response plans.

Modules

• Module 1 — 29 discussion questions
• Module 2 — 25 discussion questions

Objectives

• Discuss organizational resilience and response to threats targeting open source projects.
• Familiarize stakeholders in public, private, and non-profit sectors with reporting processes and respective roles and responsibilities during a cyber incident stemming from a critical open source project.
• Identify areas for improvement in incident reporting processes, policies, and procedures.
• Examine response coordination efforts between public, private, and community stakeholders during a cyber incident.

Modules

• Module 1 — 12 discussion questions
• Module 2 — 23 discussion questions

Objectives

• Examine the response capabilities of <Organization> during a significant cyber incident.
• Evaluate the ability for <Organization> to coordinate information sharing during a significant cyber incident.
• Identify areas of improvement in cyber incident response plans and overall organizational resilience during and following a significant cyber incident.
• Explore <Organization>’s plans to recover and restore services, mission critical assets, or systems.

Modules

• Module 1 — 26 discussion questions
• Module 2 — 32 discussion questions

Objectives

• Examine the response capabilities of <Organization> during a significant cyber incident impacting the supply chain.
• Evaluate vulnerabilities associated with third-party vendor relationships.
• Identify areas for improvement in cyber incident response plans and overall organizational resilience during and following a significant cyber incident.

Modules

• Module 2
• Module 1 — 31 discussion questions
• Module 2 – 6 months later — 24 discussion questions

Objectives

• Assess the cyber resilience of <Organization> during and following a cyber incident impacting IT and OT.
• Improve IT and OT cybersecurity coordination to enhance the cybersecurity posture of <Organization>.
• Evaluate <Organization’s> ability to recover and restore operations after disruptions from cyber intrusions.

Modules

• Module 1 — 23 discussion questions
• Module 2 — 26 discussion questions

Objectives

• Review intelligence and information sharing and dissemination processes in relation to a credible threat to domestic critical infrastructure owners / operators.
• Assess information sharing capabilities with the public; sector partners; and federal, state, local, tribal, and territorial government departments and agencies in accordance with applicable plans and procedures.
• Discuss private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and the coordination activities under the National Incident Management System (NIMS) with local, state, and federal agencies.
• Discuss gaps and challenges in private sector stakeholders’ emergency preparedness plans and response procedures to a cyber-related incident.

Modules

• Module One: Threat — 57 discussion questions
• Module Two: Incident and Incident Aftermath — 32 discussion questions

Objectives

• Review intelligence and information sharing and dissemination processes in relation to a credible threat to domestic critical infrastructure owners / operators.
• Assess information sharing capabilities with the public; sector partners; and federal, state, local, tribal, and territorial government departments and agencies in accordance with applicable plans and procedures.
• Discuss private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and the coordination activities under the National Incident Management System (NIMS) with local, state, and federal agencies.

Modules

• Module One: Threat and Initial Incident — 23 discussion questions
• Module Two: Incident and Incident Aftermath — 25 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to a suspicious activity event and a follow-on bomb threat.
• Examine threat and incident information sharing, notification, and communication procedures between [insert facility or organization] partners, focusing on intelligence community partners and law enforcement.
• Examine public messaging and information plans and procedures related to an active threat.
• Discuss recovery and continuity plans and procedures following suspicious activity events and a bomb threat.

Modules

• Module 1: Intelligence and Information Sharing — 23 discussion questions
• Module 1: Scenario Update — 18 discussion questions
• Module 2: Incident Response — 31 discussion questions
• Module 2: Scenario Update — 26 discussion questions
• Module 3: Recovery and Continuity — 23 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to an active shooter incident at a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS)
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 94 discussion questions
• Module Two: Sustained Response — 90 discussion questions
• Module Three: Short-Term Recovery — 67 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for a [insert threat vector] at a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 99 discussion questions
• Module Two: Sustained Response — 84 discussion questions
• Module Three: Short-Term Recovery — 69 discussion questions

Objectives

• Review intelligence and information sharing processes for a security incident with local or regional chemical sector critical infrastructure owners / operators.
• Discuss private sector stakeholders’ emergency preparedness plans and response procedures to a security-initiated incident and the coordination activities under National Incident Management System (NIMS) with local, state, and federal agencies.
• Examine recovery and business continuity plans and procedures following a security incident at a chemical facility.

Modules

• Module One: Information Sharing — 22 discussion questions
• Module Two: Incident — 44 discussion questions
• Module Three: Response and Recovery — 59 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for a [insert threat vector] at a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS)
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident Response — 98 discussion questions
• Module Two: Sustained Response — 81 discussion questions
• Module Three: Short-Term Recovery — 69 discussion questions

Objectives

• Review intelligence and information sharing, and dissemination processes in relation to a credible threat and / or [insert threat vector] to domestic Chemical Sector infrastructure owners / operators.
• Assess information sharing capabilities with public sector partners and federal, state, local, tribal, and territorial government departments and agencies in accordance with applicable plans and procedures.
• Discuss and identify private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and the coordination activities under the National Incident Management System (NIMS) with local, state, and federal agencies.
• Discuss gaps and challenges in private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident.

Modules

• Module One: Overseas Attacks and Domestic Threat — 46 discussion questions
• Module Two: Imminent Threat — 30 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for a [insert threat vector] at a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 82 discussion questions
• Module Two: Sustained Response — 87 discussion questions
• Module Three: Short-Term Recovery — 66 discussion questions

Objectives

• Examine pre-incident and incident intelligence and information sharing procedures between public and private sector stakeholders.
• Examine emergency response plans and procedures during a complex coordinated attack with a focus on Incident Command System / National Incident Management System, Evacuation Procedures, and Public Messaging Protocols.
• Examine recovery plans following an attack.

Modules

• Module One: Threat — 30 discussion questions
• Module Two: Incident — 84 discussion questions
• Module Three: Recovery — 49 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for an IED attack on a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and response — 99 discussion questions
• Module Two: Sustained Response — 97 discussion questions
• Module Three: Short-Term Recovery — 57 discussion questions

Objectives

• Examine organizational recovery procedures and recovery operations coordination across stakeholder groups.
• Review intelligence and information sharing processes, and examine plans for addressing a potential insider threat.
• Discuss private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and coordination activities under the National Incident Management System (NIMS) with local, state, and federal agencies.
• Assess the existing methods and effectiveness of internal and external communications and coordination during and / or immediately after becoming aware of an adversarial event.
• Discuss gaps and challenges in private sector stakeholders’ emergency preparedness plans and response procedures to a cyber-related incident.

Modules

• Module One: Pre-Incident — 31 discussion questions
• Module Two: Incident — 57 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for a theft and diversion incident at a chemical sector owner’s / operator’s facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies.

Modules

• Module One: Pre-Incident — 15 discussion questions
• Module Two: Incident — 80 discussion questions

Objectives

• Examine intelligence and information sharing dissemination processes in relation to a credible threat to domestic Chemical Sector infrastructure, including public messaging protocols.
• Assess information sharing capabilities with public sector partners; federal, state, local, tribal, and territorial government departments; and agencies in accordance with applicable plans and procedures.
• Discuss and identify private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and the coordination activities under National Incident Management System (NIMS) with local, state, and federal agencies.
• Discuss gaps and challenges in private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident involving a UAS.
• Discuss recovery and business continuity in the wake of a UAS incident, including public messaging protocols.

Modules

• Module One: Intelligence and Information Sharing — 53 discussion questions
• Module Two: Incident and Response Phase — 64 discussion questions
• Module Three: Recovery and Business Continuity — 74 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for an attack on a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependences and recovery plans.

Modules

• Module One: Incident and Response — 104 discussion questions
• Module Two: Sustained Response — 101 discussion questions
• Module Three: Short-Term Recovery — 60 discussion questions

Objectives

• Review emergency preparedness plans and response procedures for vehicle ramming and [insert threat vector, as necessary] at a chemical sector facility.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 89 discussion questions
• Module Two: Sustained Response — 88 discussion questions
• Module Three: Short-Term Recovery — 69 discussion questions

Objectives

• Review intelligence and information sharing capabilities between public and private sector entities before and during an incident.
• Examine operational coordination and response protocols with private sector personnel, law enforcement, and EMS personnel during a crowd surge incident with a focus on mass casualty incident (MCI) and public messaging procedures.
• Discuss plans, policies, and procedures to ensure continuity of operations and business continuity.

Modules

• Module One: Pre-Incident Information Sharing — 44 discussion questions
• Module Two: Incident Response — 61 discussion questions
• Module Three: Short-Term Recovery — 48 discussion questions

Objectives

• Examine response and recovery plans and procedures following a drone attack.
• Discuss information sharing procedures and communication and coordination protocols between private and local public sector partners.
• Examine company and port security short-term recovery plans.

Modules

• Module One: Pre-Incident Phase — 22 discussion questions
• Module Two: Incident and Response Phase — 56 discussion questions
• Module Three: Recovery Phase — 49 discussion questions

Objectives

• Assess the roles and effectiveness of coordination between public safety officials and dam owners / operators in reacting to an adversarial event in accordance with existing plans and standard operating procedures (e.g., security plans, emergency actions plans, emergency response plans, memoranda of agreement, memoranda of understanding).
• Examine the effectiveness of overall emergency response procedures in a no-notice adversarial event regarding the Incident Command Structure and logistical coordination among on-scene authorities.
• Examine and evaluate facility incident response plans (e.g., security plans, emergency action plans, emergency response plans, or other appropriate plans) used during an adversarial event.
• Assess the methods and effectiveness of internal and external communications during an adversarial event in accordance with existing plans and standard operating procedures.
• Identify and evaluate response, mitigation, and recovery actions associated with an adversarial event at the facility.
• Review information and threat sharing procedures and challenges between owners / operators and federal, state, and local government agencies.
• Identify gaps, redundancies, developmental activities, and best practices in standard procedures in response to an adversarial situation.

Modules

• Module One: Initial Response Phase — 28 discussion questions
• Module Two: Tactical Response Phase — 21 discussion questions
• Module Three: Assessment Phase — 22 discussion questions

Objectives

• Assess the roles and effectiveness of coordination between public safety officials and dam owners / operators when reacting to an adversarial event in accordance with existing plans and standard operating procedures (e.g., security plans, emergency action plans, emergency response plans, memoranda of agreement, memoranda of understanding, etc.).
• Examine the effectiveness of overall emergency response procedures in a no-notice adversarial event regarding the Incident Command Structure and logistical coordination among on-scene authorities.
• Examine and evaluate facility incident response plans (e.g., security plans, emergency action plans, emergency response plans, or other appropriate plans) used during an adversarial event.
• Assess the methods and effectiveness of internal and external communications during an adversarial event in accordance with existing plans and standard operating procedures.
• Identify and evaluate response, mitigation, and recovery actions associated with an adversarial event at the facility.
• Review information and threat sharing procedures and challenges between owners / operators and federal, state, and local government agencies.
• Identify gaps, redundancies, developmental activities, and best practices in standard operating procedures in response to an adversarial situation.

Modules

• Module One: International Threat Period — 15 discussion questions
• Module Two: Domestic Threat Period — 16 discussion questions
• Module Three: Domestic Attack — 17 discussion questions

Objectives

• Review pre-incident and incident response information sharing procedures between military branches, military service components, military installation command, corporate leadership, employees, and emergency responders.
• Discuss private sector stakeholders’ emergency preparedness plans and response procedures to an active shooter / improvised explosive device (IED) incident and coordination activities under National Incident Management System (NIMS) with local, state, and federal agencies.
• Consider participating organizations’ business continuity plans or continuity of operations plans to identify best practices in the aftermath of a complex coordinated attack on a large defense industrial base (DIB) workshop facility.

Modules

• Module One: Intelligence and Information Sharing — 30 discussion questions
• Module Two: Incident and Response — 76 discussion questions
• Module Three: Business Continuity and Recovery — 29 discussion questions

Objectives

• Identification of key regional and local critical infrastructure stakeholders and facilities.
• Review of incident reporting, intelligence threat warning, and information sharing and dissemination processes between state, local, tribal, and territorial entities; law enforcement; facility owners and operators; and federal departments and agencies in relation to a credible threat to, a security incident at, or attack on, regional or local critical infrastructure.
• Discuss regional and local stakeholders’ emergency preparedness plans and procedures to a security incident or attack on an electric substation and the coordination of activities under the National Incident Management System (NIMS) with federal, state, local, tribal, and territorial entities.

Modules

• Module One: Incident Detection, Notification, and Reporting — 23 discussion questions
• Module Two: Incident and Incident Aftermath — 23 discussion questions

Objectives

• Examine pre-incident threat intelligence, information sharing, and notification and communication procedures between critical stakeholders.
• Examine current emergency plans, procedures, and capabilities for incident response to an active shooter threat with a focus on:
• Alert and communication procedures
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Physical and psychological first aid
• Evacuation and shelter-in-place procedures
• Examine public messaging and media relations procedures during and immediately following an incident, including the role that critical stakeholders play in the aftermath of the incident.
• Discuss recovery and continuity plans and procedures following an active threat incident, with a focus on family reunification and academic continuation.

Modules

• Module One: Pre-Incident Information Sharing — 29 discussion questions
• Module Two: Incident response — 147 discussion questions
• Module Three: Short-Term Recovery and continuity — 54 discussion questions

Objectives

• Review intelligence and information sharing and dissemination processes in relation to a credible threat to Faith-Based Organizations (FBOs).
• Discuss emergency preparedness plans and public messaging procedures to a threat-initiated incident.

Modules

• Module One: Threat — 20 discussion questions
• Module Two: Incident — 46 discussion questions

Objectives

• Examine pre-incident and incident information sharing procedures between public and private sector stakeholders, including public messaging procedures.
• Discuss emergency response plans and procedures to a threat-initiated incident at a Food and Agriculture Supply owner’s / operator’s facility with a focus on coordination between public and private sector stakeholders.
• Consider participating organizations’ business continuity plans or continuity of operations plans in the aftermath of a threat-initiated incident at a Food and Agriculture Supply owner’s / operator’s facility.

Modules

• Module One: Pre-Incident Information Sharing — 33 discussion questions
• Module Two: Incident Outbreak — 27 discussion questions
• Module Three: Recovery — 14 discussion questions

Objectives

• Discuss information sharing procedures and communication and coordination protocols between private and public sector partners.
• Identify organizational risk factors and examine emergency response plans for addressing a potential threat at a food manufacturing facility.
• Examine business continuity and recovery plans and procedures following a chemical contamination in a food manufacturing facility.

Modules

• Module One: Pre-Incident Information Sharing — 24 discussion questions
• Module Two: Incident Response — 47 discussion questions
• Module Three: Recovery — 27 discussion questions

Objectives

• Examine pre-incident threat intelligence, information sharing, and notification and communication procedures between public and private sector partners including identifying threat assessment procedures, prevention resources and programs, and discussing pertinent privacy protection concerns.
• Discuss coordination between private sector organizations and responding local, state, and federal agencies under the Incident Command System (ICS) / National Incident Management System (NIMS).
• Examine public messaging and media relations procedures during and immediately following an incident.
• Discuss recovery and continuity plans and procedures following an incident with a focus on business continuity and community recovery.

Modules

• Module One: Pre-Incident Information Sharing — 42 discussion questions
• Module Two: Incident Response — 97 discussion questions
• Module Three: Short-term Recovery — 61 discussion questions

Objectives

• Examine the effectiveness of overall emergency plans and procedures in response to an active shooter / improvised explosive device (IED) incident using the Incident Command System.
• Assess the existing methods of coordination and communication between public (federal, state, tribal, and local) and gaming sector partners during response to an incident.
• Examine post-incident alert and communication procedures as well as evacuation procedures for guests and employees following an incident.
• Identify and examine critical functions, business continuity, and recovery plans to include roles and responsibilities in short and long-term recovery efforts following an active shooter / IED incident.

Modules

• Module One: Threat — 20 discussion questions
• Module Two: Incident Response — 99 discussion questions
• Module Three: Short-Term Recovery — 49 discussion questions

Objectives

• Review intelligence and information sharing and dissemination processes in relation to a credible threat to domestic critical infrastructure owners / operators.
• Assess information sharing capabilities with government sector partners; federal, state, local, tribal, and territorial government departments and agencies; and the public in accordance with applicable plans and procedures.
• Discuss critical infrastructure stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and the coordination of activities under the National Incident Management System (NIMS) with local, state, and federal agencies.
• Examine recovery and business continuity plans following an improvised explosive device (IED) and vehicle-borne IED (VBIED) attack.

Modules

• Module One: Pre-Incident Information Sharing — 46 discussion questions
• Module Two: Incident Response — 51 discussion questions
• Module Three: Recovery — 24 discussion questions

Objectives

• Examine threat and incident information sharing, notification, and alert procedures between public and private partners, including public messaging protocols.
• Examine operational coordination using Incident Command System (ICS) concepts during a multi-agency, multi-jurisdictional response to an active threat.
• Examine public and private organization response procedures, interaction, and public relations collaboration during an active threat.
• Discuss recovery and business continuity plans in the wake of an active threat in an open-air venue.

Modules

• Module One: Intelligence and Information Sharing — 23 discussion questions
• Module Two: Incident and Response — 66 discussion questions
• Module Three: Recovery and Business Continuity — 36 discussion questions

Objectives

• Examine information sharing between HPH owners / operators and various stakeholders, including the public; other HPH owners / operators; and federal, state, and local government departments and agencies when dealing with a credible threat.
• Assess your facility’s plans, policies, and procedures related to an adversarial threat, including incident management, evacuation, and personnel accountability.
• Assess the ability of existing recovery plans and business continuity / continuity of operations plans to address facility and stakeholder needs following an active threat incident.
• Enhance the ability of healthcare facilities to provide care during all-hazards incidents and mitigate the threat of disruptions to healthcare services.
• Discuss and validate internal incident management communication processes in accordance with existing plans and procedures.

Modules

• Module One: Pre-Incident — 20 discussion questions
• Module Two: Incident — 52 discussion questions
• Module Three: Recovery — 39 discussion questions

Objectives

• Examine information sharing between HPH owners / operators and various stakeholders, including the public; other HPH owners / operators; and federal, state, and local government departments and agencies when dealing with a credible threat.
• Assess your facility’s plans, policies, and procedures related to an adversarial threat, including incident management, evacuation, and personnel accountability.
• Assess the ability of existing recovery plans and business continuity / continuity of operations plans to address facility and stakeholder needs following an active threat incident.
• Enhance the ability of healthcare facilities to provide care during all-hazards incidents and mitigate the threat of disruptions to healthcare services.
• Discuss and validate internal incident management communication processes in accordance with existing plans and procedures.

Modules

• Module One: Pre-Incident — 20 discussion questions
• Module Two: Incident — 53 discussion questions
• Module Three: Recovery — 37 discussion questions

Objectives

• Examine pre-incident threat intelligence, information sharing, and notification and communication procedures between public and private sector partners.
• Evaluate response procedures to an active shooter event at a high school with a focus on Incident Command Systems (ICS) / National Incident Management System (NIMS), mass care services, coordination and communication, and evacuation and shelter-in-place procedures.
• Assess recovery and continuity plans in the aftermath of an active shooter incident with a focus on prioritizing health and social services (including behavioral health) in the community and reunification.

Modules

• Module One: Pre-Incident Information Sharing — 32 discussion questions
• Module Two: Incident Response — 172 discussion questions
• Module Three: Short-Term Recovery — 35 discussion questions

Objectives

• Examine threat and incident information sharing, notification, and communication procedures between public and private partners, with a focus on intelligence community partners and higher education facilities.
• Examine multi-agency coordination using Incident Command System (ICS) concepts during a complex coordinated attack, including collaboration with higher education facilities.
• Examine public and private organization response procedures, interaction, and public relations collaborations during an active threat.
• Discuss recovery and continuity plans and procedures following a complex coordinated attack.

Modules

• Module One: Intelligence and Information Sharing — 36 discussion questions
• Module Two: Incident Response — 72 discussion questions
• Module Three: Recovery and Continuity — 45 discussion questions

Objectives

• Examine threat and incident information sharing, notification, and communication procedures between [insert college or university] partners, with a focus on intelligence community partners and higher education facilities.
• Examine multi-agency coordination using Incident Command System (ICS) concepts during a complex coordinated attack, including collaboration between higher education facilities and public sector partners.
• Examine [insert college or university] response procedures, interaction, and public relations collaborations during an active threat.
• Discuss recovery and continuity plans and procedures following a complex coordinated attack.

Modules

• Module One: Intelligence and Information Sharing — 42 discussion questions
• Module Two: Incident Response — 107 discussion questions
• Module Three: Recovery and Continuity — 45 discussion questions

Objectives

• Examine pre-incident intelligence and information sharing procedures between public and private sector stakeholders.
• Examine response plans and procedures during an incident with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Evacuation and shelter-in-place protocols
• Public messaging protocols
• Public Health, Healthcare, and Emergency Medical Services (EMS)
• Mass casualty incident (MCI) procedures
• Public / private sector coordination
• Examine recovery and business continuity plans following an incident with a focus on:
• Family reunification
• Mental health and behavioral counseling
• Victim assistance

Modules

• Module 1: Pre-Incident Information Sharing — 21 discussion questions
• Module 2: Incident Response — 26 discussion questions
• Module 2: Scenario Update — 25 discussion questions
• Module 3: Recovery — 19 discussion questions
• Module 3: Scenario Update — 20 discussion questions

Objectives

• Examine information sharing between HPH owners / operators and various stakeholders, including the public, other HPH owners / operators, and federal, state, and local government departments and agencies when dealing with a credible threat.
• Assess your facility’s plans, policies, and procedures related to an adversarial threat, including incident management, evacuation, and personnel accountability.
• Assess the ability of existing recovery plans and business continuity / continuity of operations plans to address facility and stakeholder needs following an active threat incident.
• Enhance the ability of healthcare facilities to provide care during all-hazards incidents and mitigate the threat of disruptions to healthcare services.
• Discuss and validate internal incident management communication processes in accordance with existing plans and procedures.

Modules

• Module One: Pre-Incident — 20 discussion questions
• Module Two: Incident — 51 discussion questions
• Module Three: Recovery — 27 discussion questions

Objectives

• Examine pre-incident and incident information sharing procedures between public and private sector partners.
• Examine emergency response, evacuation, and shelter-in-place plans and procedure to a complex coordinated attack.
• Examine recovery and business continuity plans following a complex coordinated attack.

Modules

• Module One: Intelligence and Information Sharing — 21 discussion questions
• Module Two: Incident Response — 51 discussion questions
• Module Three: Recovery and Business Continuity — 49 discussion questions

Objectives

• Examine threat and incident information sharing, notification, and communication procedures between public and private sector partners, with a focus on intelligence community partners and faith-based organizations (FBO)s.
• Examine private sector policies and procedures in response to a cyber-based attack.
• Examine public and private organization response procedures, interaction, and public relations collaboration during an active threat at an FBO.
• Discuss recovery and continuity plans and procedures following a complex coordinated attack.

Modules

• Module One: Pre-Incident Information Sharing — 20 discussion questions
• Module Two: Incident Response — 84 discussion questions
• Module Three: Recovery — 29 discussion questions

Objectives

• Examine pre-incident threat intelligence, information sharing, and notification and communication procedures between public and private partners including identifying threat assessment procedures, prevention resources and programs, and discussing pertinent privacy protection concerns.
• Examine current emergency plans, procedures, and capabilities for incident response to an active shooter threat with a focus on:
• Alert and communication procedures
• Integration and coordination between public and private partners using Incident Command System (ICS) concepts
• Eliminating the threat
• Medical and patient triage
• Training programs
• Examine public messaging and media relations procedures during and immediately following an incident, including the Public Information Officer (PIO) role.
• Discuss recovery and continuity plans and procedures following an incident, with a focus on prioritizing health and social services (including behavioral health) in the community and reunification.

Modules

• Module Three: Recovery and Continuity
• Module One: Intelligence and Information Sharing — 23 discussion questions
• Module Two: Incident Response — 95 discussion questions
• Module Three: Recovery and Continuity — 54 discussion questions

Objectives

• Review pre-incident and incident response information sharing procedures between corporate leadership, employees, customers, and emergency responders.
• Discuss private sector stakeholders’ emergency preparedness plans and response procedures to an Active Shooter / Improvised Explosive Device (IED) incident and the coordination of activities under National Incident Management System (NIMS) with local, state, and federal agencies.
• Consider participating organizations’ business continuity plans or continuity of operations plans to identify best practices in the aftermath of a complex coordinated attack on a large box store.

Modules

• Module One: Intelligence and Information Sharing — 19 discussion questions
• Module Two: Incident and Response — 66 discussion questions
• Module Three: Business Continuity and Recovery — 24 discussion questions

Objectives

• Examine pre-incident and incident intelligence and information sharing procedures between public and private sector stakeholders.
• Examine emergency response plans and procedures to an active shooter incident at a large sporting event with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Evacuation and shelter-in-place procedures
• Mass casualty incident (MCI) procedures
• Public messaging protocols
• Family reunification procedures
• Examine immediate recovery plans following an incident, including victim assistance and mental and behavioral health resources.

Modules

• Module One: Pre-Incident Intelligence and Information Sharing — 49 discussion questions
• Module Two: Incident Response — 83 discussion questions
• Module Three: Immediate Recovery and Business Continuity — 52 discussion questions

Objectives

• Examine intelligence and information sharing processes, including public messaging protocols, in relation to a credible threat to maritime domestic critical infrastructure.
• Discuss and identify private sector stakeholders’ emergency preparedness plans and response procedures to a threat-initiated incident and the coordination activities under the National Incident Management System (NIMS) with local, state, and federal agencies.
• Discuss recovery and business continuity plans in the wake of a maritime domestic terror incident including public messaging protocols.

Modules

• Module One: Domestic Threat — 46 discussion questions
• Module Two: Incident — 43 discussion questions
• Module Three: Recovery — 44 discussion questions

Objectives

• Examine pre-incident threat intelligence, information sharing, and notification and communication procedures between public and private sector partners.
• Evaluate the ability to establish an effective command structure; provide a safe and secure environment for students, staff, and first responders; and provide mass care services during the response to an active shooter incident occurring on school grounds.
• Assess the ability to deliver coordinated, actionable, age-appropriate, and timely information to critical partners and stakeholders when faced with an active shooter incident and immediately following an incident.
• Assess recovery and continuity plans in the aftermath of an active shooter incident with a focus on prioritizing health and social services (including behavioral health) in the community and family reunification.

Modules

• Module One: Pre-Incident Information Sharing — 30 discussion questions
• Module Two: Incident Response — 159 discussion questions
• Module Three: Short-Term Recovery — 53 discussion questions

Objectives

• Examine pre-incident intelligence and information sharing procedures between private and public sector stakeholders.
• Examine emergency response plans and procedures during a civil disturbance and active threat scenario with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Evacuation and shelter-in-place procedures
• Public messaging protocols
• Examine recovery plans following an incident, including restoration of raceway services and victim assistance.

Modules

• Module One: Pre-Incident Information Sharing — 27 discussion questions
• Module Two: Incident Response — 92 discussion questions
• Module Three: Recovery and Business Continuity — 67 discussion questions

Objectives

• Evaluate multi-jurisdictional information sharing capabilities and processes among participating organizations responding to a potential threat and then a confirmed improvised explosive device (IED) explosion.
• Evaluate the ability to establish an effective command structure; provide a safe and secure environment for first responders, law enforcement, and commuters; and provide mass care services during the response to an explosion on [insert bridge name].
• Examine recovery plans following an attack from an IED with a focus on:
• Family reunification process
• Victim assistance
• Economic and community recovery

Modules

• Module One: Pre-Incident Information Sharing — 51 discussion questions
• Module Two: Incident Response — 106 discussion questions
• Module Three: Short-Term Recovery — 61 discussion questions

Objectives

• Examine pre-incident and incident intelligence and information sharing procedures between public and private sector stakeholders.
• Examine emergency response plans and procedures to a bombing at a music festival with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Evacuation and shelter-in-place procedures
• Mass casualty incident (MCI) procedures
• Public messaging protocols
• Family reunification procedures
• Mental and behavioral health resources
• Examine immediate recovery plans following an incident, including victim assistance following an active threat at a music festival.

Modules

• Module One: Pre-Incident Intelligence and Information Sharing — 52 discussion questions
• Module Two: Incident Response — 85 discussion questions
• Module Three: Immediate Recovery and Business Continuity — 55 discussion questions

Objectives

• Examine pre-incident and incident intelligence and information sharing procedures between public and private sector stakeholders.
• Examine emergency response plans and procedures to a shooting at a music festival with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Evacuation and shelter-in-place procedures
• Mass casualty incident (MCI) procedures
• Public messaging protocols
• Family reunification procedures
• Mental and behavioral health resources
• Examine immediate recovery plans following an incident, including victim assistance following an active threat at a music festival.

Modules

• Module One: Pre-Incident Intelligence and Information Sharing — 60 discussion questions
• Module Two: Incident Response — 85 discussion questions
• Module Three: Immediate Recovery and Business Continuity — 61 discussion questions

Objectives

• Examine pre-incident intelligence and information sharing procedures in relation to a credible threat to domestic critical infrastructure between public and private stakeholders.
• Examine private sector stakeholders’ emergency preparedness plans and response to procedures to a threat-initiated incident and coordination activities with local, state, and federal agencies.
• Examine short-term recovery plans and business continuity plans following an attack.

Modules

• Module One: Intelligence and Information Sharing — 17 discussion questions
• Module Two: Incident Response — 51 discussion questions
• Module Three: Short-Term Recovery — 33 discussion questions

Objectives

• Examine pre-incident and incident intelligence and information sharing procedures between public and private sector stakeholders.
• Review emergency preparedness plans and response procedures to an attack on an outdoor event.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Pre-Incident Intelligence and Information Sharing — 47 discussion questions
• Module Two: Incident and Response — 68 discussion questions
• Module Three: Short-Term Recovery — 45 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to an attack on an outdoor event.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 84 discussion questions
• Module Two: Sustained Response — 97 discussion questions
• Module Three: Short-Term Recovery — 67 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to an attack on an outdoor event.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 77 discussion questions
• Module Two: Sustained Response — 97 discussion questions
• Module Three: Short-Term Recovery — 67 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to an attack on an outdoor event.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 86 discussion questions
• Module Two: Sustained Response — 99 discussion questions
• Module Three: Short-Term Recovery — 67 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to an attack on an outdoor event.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Incident and Response — 96 discussion questions
• Module Two: Sustained Response — 89 discussion questions
• Module Three: Short-Term Recovery — 65 discussion questions

Objectives

• Evaluate how effective current plans, procedures, and agreements are in mitigating and responding to impacts from a catastrophic event to the relevant supply chain.
• Identify threats, hazards, vulnerabilities, and consequences for the supply chain.
• Identify critical functions, actions, and timeframes to maintain supply chain continuity during a catastrophic incident.
• Discuss and validate multidirectional communication processes in accordance with existing supply chain continuity plans and procedures.

Modules

• Module 3: Transition to Recovery — 73 discussion questions

Objectives

• Examine threat and incident information sharing, notification systems, and alert procedures between public and private partners, including public messaging protocols.
• Examine operational coordination using Incident Command System (ICS) / National Incident Management System (NIMS) concepts during a multi-agency, multi-jurisdictional response to an sUAS incident.
• Examine public and private sectors organization’s response procedures, interaction, and public relations collaboration during an sUAS incident.
• Discuss recovery and business continuity plans in the wake of an sUAS incident.

Modules

• Module One: Intelligence and Information Sharing — 26 discussion questions
• Module Two: Incident and Response — 80 discussion questions
• Module Three: Recovery and Business Continuity — 31 discussion questions

Objectives

• Examine threat and incident information sharing, notification systems, and alert procedures between public and private sector partners, including public messaging protocols.
• Examine operational coordination using Incident Command System (ICS) concepts during a multi-agency, multi-jurisdictional response to an sUAS incident.
• Examine public and private organization response procedures, interaction, and public relations collaboration during an sUAS incident.
• Discuss recovery and business continuity plans in the wake of an sUAS incident.

Modules

• Module One: Intelligence and Information Sharing — 26 discussion questions
• Module Two: Incident Response — 82 discussion questions
• Module Three: Recovery and Business Continuity — 33 discussion questions

Objectives

• Examine threat and incident information sharing, notification systems, and alert procedures between public and private sector partners, including public messaging protocols.
• Examine operational coordination using Incident Command System (ICS) / National Incident Management System (NIMS) concepts during a multi-agency, multi-jurisdictional response to an sUAS incident.
• Examine public and private sector organization’s response procedures, interaction, and public relations collaboration during an sUAS incident.
• Discuss recovery and business continuity plans in the wake of an sUAS incident.

Modules

• Module One: Intelligence and Information Sharing — 26 discussion questions
• Module Two: Incident and Response — 71 discussion questions
• Module Three: Recovery and Business Continuity — 30 discussion questions

Objectives

• Examine threat and incident information sharing, notification systems, and alert procedures between public and private sector partners, including public messaging protocols.
• Examine operational coordination using Incident Command System (ICS) / National Incident Management System (NIMS) concepts during a multi-agency, multi-jurisdictional response to an sUAS incident.
• Examine public and private sector organization’s response procedures, interaction, and public relations collaboration during an sUAS incident.
• Discuss recovery and business continuity plans in the wake of an sUAS incident.

Modules

• Module One: Intelligence and Information Sharing — 26 discussion questions
• Module Two: Incident and Response — 76 discussion questions
• Module Three: Recovery and Business Continuity — 27 discussion questions

Objectives

• Evaluate how effective current plans, procedures, and agreements are in mitigating and responding to impacts from a catastrophic event to the relevant supply chain
• Identify threats, hazards, vulnerabilities, and consequences for the supply chain.
• Identify critical functions, actions, and timeframes to maintain supply chain continuity due to a catastrophic incident.
• Discuss and validate multidirectional communication processes in accordance with existing supply chain continuity plans and procedures.

Modules

• Module 3: Post-Incident — 58 discussion questions

Objectives

• Evaluate how effective current plans, procedures, and agreements are in mitigating and responding to and recovering from impacts from a catastrophic event to the relevant supply chain.
• Identify threats, hazards, vulnerabilities, and consequences for the supply chain.
• Identify critical functions, actions, and timeframes to maintain supply chain continuity due to a catastrophic incident.
• Discuss and validate multidirectional communication processes in accordance with existing supply chain continuity plans and procedures.

Modules

• Module One: Pre-Incident — 31 discussion questions
• Module Two: Incident — 9 discussion questions
• Module Three: Post-Incident — 10 discussion questions

Objectives

• Evaluate how effective current plans, procedures, and agreements are in mitigating and responding to and recovering from impacts from a catastrophic event to the relevant supply chain.
• Identify threats, hazards, vulnerabilities, and consequences for the supply chain.
• Identify critical functions, actions, and timeframes to maintain supply chain continuity due to a catastrophic incident.
• Discuss and validate multidirectional communication processes in accordance with existing supply chain continuity plans and procedures.

Modules

• Module One: Pre-Incident — 32 discussion questions
• Module Two: Incident — 10 discussion questions
• Module Three: Post-Incident — 10 discussion questions

Objectives

• Evaluate how effective current plans, procedures, and agreements are in mitigating and responding to and recovering from impacts from a catastrophic event to the relevant supply chain.
• Identify threats, hazards, vulnerabilities, and consequences for the supply chain.
• Identify threats, hazards, vulnerabilities, and timeframes to maintain supply chain continuity due to a catastrophic incident.
• Discuss and validate multidirectional communication processes in accordance with existing supply chain continuity plans and procedures.

Modules

• Module 3: Post-Incident — 59 discussion questions

Objectives

• Examine emergency response plans and procedures before and during a tornado incident with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Critical infrastructure protection
• Public messaging protocols
• Assess procedures for coordinating and sharing information within the organization.
• Examine recovery protocols following a tornado with a focus on:
• Business continuity
• Critical infrastructure resilience
• Supply chain integrity

Modules

• Module One: Pre-Incident Information Sharing — 55 discussion questions
• Module Two: Incident Response — 32 discussion questions
• Module Three: Short Term and Continuous Recovery — 73 discussion questions

Objectives

• Examine pre-incident and incident intelligence and information sharing procedures between public and private stakeholders.
• Examine emergency response plans and procedures for an attack at a sporting event with a focus on:
• Incident Command System (ICS) / National Incident Management System (NIMS)
• Evacuation and shelter-in-place procedures
• Public messaging protocols
• Family reunification procedures
• Mental and behavioral health resources
• Examine immediate recovery and business continuity plans following an incident, including victim assistance following an active threat at a large sporting event.

Modules

• Module One: Incident Response — 41 discussion questions
• Module Two: Recovery — 50 discussion questions

Objectives

• Review emergency preparedness plans and response procedures to a wildfire.
• Assess procedures for coordinating and sharing information within organizations, between organizations, and with the public.
• Discuss the coordination between private sector organizations and responding local, state, and federal agencies under the National Incident Management System (NIMS).
• Review organizational interdependencies and recovery plans.

Modules

• Module One: Intelligence and Information Sharing — 20 discussion questions
• Module Two: Incident and Response — 87 discussion questions
• Module Three: Short-Term Recovery — 46 discussion questions