DORA & NIS2 Tabletop Exercises (ISTTX)

 

Course Overview

This practical, two-day training course teaches companies how to plan, conduct, and evaluate tabletop exercises (TTX) in accordance with DORA and NIS2.

Participants will learn how to apply regulatory requirements to realistic crisis scenarios, practice decision-making under pressure, and measurably improve organizational resilience.

A particular focus is placed on realistic simulations in which participants actively take on roles and make decisions.

Who should attend

  • CISO / Information Security Officer
  • IT Managers and Security Officers
  • BCM and Risk Managers
  • Compliance and Audit Officers
  • SOC employees
  • Security Incident Managers
  • Security consultants and IT service providers

Course Objectives

Upon completion of the training, participants will be able to:

  • Translate DORA and NIS2 requirements into training concepts
  • Plan and facilitate tabletop exercises in a structured manner
  • Develop realistic crisis scenarios (e.g., ransomware, third-party failure)
  • Evaluate decision-making processes and responsiveness
  • Identify vulnerabilities and develop countermeasures
  • Establish a sustainable TTX program within the company

Course Content

Day 1 – Fundamentals & Design of Tabletop Exercises

Module 1: Regulatory Context (DORA & NIS2)
  • Overview of Resilience Testing Requirements
  • Incident Response & Crisis Management in a Regulatory Context
  • Expectations of Regulators and Auditors
  • Common vulnerabilities encountered in practice
Module 2: Fundamentals of Tabletop Exercises
  • Distinction from penetration testing and red teaming
  • Objectives and Benefits of TTX
  • Roles and Responsibilities (Management, IT, Legal, Communications)
Module 3: Designing a TTX
  • Development of realistic scenarios
  • Building an Inject Structure (Escalation and Dynamics)
  • Defining exercise objectives and KPIs
  • Development of a training manual
Practical exercise
  • Developing your own scenario in groups

Day 2 – Implementation, Evaluation, and Operationalization

Module 4: Conducting a Tabletop Exercise
  • Live simulation of a realistic scenario (e.g., a ransomware attack involving a third-party outage)
  • Role-based implementation (Management, IT, Communications)
  • Facilitation techniques and managing the exercise
Module 5: Evaluation & Lessons Learned
  • Structured debriefing (Hot Wash / Debriefing)
  • Identification of vulnerabilities
  • Assessment of Responsiveness
  • Documentation of the results
Module 6: Mapping to DORA & NIS2
  • Identification of Regulatory Gaps
  • Prioritization of measures
  • Preparing for Audits and Inspections
Module 7: Establishing a TTX Program
  • Integration into ISMS and BCM
  • Developing a regular exercise routine
  • Definition of Key Performance Indicators
  • Scaling within the company

Price & Delivery Methods

Online training

Duration
2 days

Price
  • CHF 1 390,–

Classroom training

Duration
2 days

Price
  • Switzerland: CHF 1 390,–

Schedule

FLEX Classroom Training (hybrid course): Course participation either on-site in the classroom or online from the workplace or from home.

German

European Time Zones

Online training
On-site option: Munich, Germany
Online training
On-site option: Hamburg, Germany
Online training
On-site option: Hamburg, Germany
Germany

Munich, Language: German
Hamburg, Language: German
Hamburg, Language: German

If you cannot find a suitable date, feel free to check the schedule of all our international FLEX training courses.