Fri, Jun 3, 2016

Threat Management and Workplace Violence: The Value of Tabletop Exercises

When it comes to being well-prepared to effectively manage threats in the workplace, the Tabletop Exercise can be one of the single most valuable experiences for a company and its Threat Assessment Team. From cyber and data breach incidents to workplace violence scenarios, tabletop exercises (or TTX as they are sometimes known) can demonstrate how a current response plan works and where improvements should be made.

But what is a tabletop exercise? A tabletop exercise brings together an organization’s managers and other support personnel who would typically be involved in handling various types of incidents. During this structured meeting, a facilitator presents to the team a pre-determined, realistic incident scenario and participants respond as they would in a real situation.

In our experience, organizations are often caught off guard by what tabletop exercises uncover, such as:

  • Missing links in the chain of command
  • Single or multiple points of failure
  • Gaps in security programs or procedures
  • Confusion about individual responsibilities

For example, we facilitated an exercise where part of an organization’s response to a crisis called for a building lockdown. However, much to the client’s chagrin, it was discovered that certain newly installed doors needed keys to be locked and only one utility person who could be anywhere in the plant at any point in time had those keys.

As consultants, we’re often called in as facilitators to organize and run tabletop exercises, presenting simulated threat scenarios to the company’s leadership or Threat Assessment Team that are unique to the organization and its needs. Having an outside facilitator present is often a significant advantage during and after these scenarios, adding the value of an experienced voice that can help the team review its actions and improve incident response plans.

Tabletop exercises can be tremendously helpful to organizations on many levels. A few of the benefits include:

  • Organizations get a sense of how information really flows in a crisis.
  • Managers identify questions and missing links that can then be addressed.
  • Findings highlight the need and ability to use both in-house and specialized resources.
  • Bringing together people from various areas of the organization helps to build cooperation and relationships across departments and regions while developing internal leadership.
  • Data-driven action plans increase efficiencies and support improved policies.

So, at one end of the preparedness spectrum, the tabletop exercise can give an organization confidence that in the event of certain crises or situations, its employees have the training and resources to respond quickly and effectively. On the other hand, when difficulties and issues arise, the findings from an exercise can form a blueprint of clear action items that the organization can prioritize and implement for greater peace of mind.

Preparing for and Developing Tabletop Exercises around Workplace Violence

When it comes to preventing workplace violence and developing response plans, best practices call for corporations and organizations to conduct tabletop exercises with the designated Threat Assessment Team. (For more information on threat assessment teams, see “Threat Management and Workplace Violence: Considering a Threat Assessment Team.”) Should a member of the Threat Assessment Team or leadership team want to design a tabletop exercise focusing on workplace violence preparedness, it’s good to start by examining the types of threat incidents that have occurred in the past. This may be followed by drafting a scenario or scenarios that are in line with the four main categories of workplace violence, i.e., where perpetrators are (1) criminals, (2) customers, (3) fellow workers, or (4) people who have a personal relationship with victims. Finally, consider adding complexity to the scenario that would simulate a real-life incident, making new pieces of information available as the exercise unfolds.

Each piece of new information that is presented during the tabletop exercise should stimulate consideration and discussion among participants. The potential significance of each piece of information as it relates to what is known about workplace violence risk should be discussed. (Unanswered questions should be documented for timely follow-up.) In turn, each discussion should generate an action item that may include seeking specialized resources; applying an intervention strategy learned in a previous training; investigating or gathering more information; or determining that no further action is necessary.

A well-designed tabletop exercise should also include “curveballs” unexpected changes in physical or informational elements of an incident to further test participants’ performance. These unexpected changes can be based upon assumptions identified in current incident management plans. For example, most plans assume availability of all of the resources required for managing or handling individual incidents. One such resource is people. An effective “curveball” could be accomplished by removing one or more of the key players present at the exercise venue or relied upon as primary facilitators for incident resolution. Exercise facilitators could then monitor and record participant responses to this and other unexpected developments.

Because people behave differently when they are under pressure and stress, an effective tabletop exercise must be carefully paced and monitored. One of the most useful metrics gained from a tabletop exercise is the time it takes for people to make decisions after being presented with new information or changes in incident parameters.

A tabletop exercise requires significant preparation in order to achieve its objectives. We recommend allotting the necessary time and resources for the following activities to help you derive the most information and benefits from your tabletop exercise:

  • Conduct an assessment of current risks, threats, and key assets, as well as attack vectors and actors. Even if an assessment exists, it takes time to validate it and to build realistic scenarios.
  • Conduct a comprehensive and critical review of current incident management plans in order to identify actionable steps and, most importantly, any assumptions or process gaps in such plans. A tabletop exercise should be designed to test both defined processes and assumptions/process gaps in order to validate existing incident management plans.
  • Gather all resources necessary from technical tools to note-takers to conduct the exercise.
  • An advance assessment of participants’ communication and behavioral styles is essential, as it will enhance the design of the exercise. For example, an introvert will act differently than an extravert in a group setting.
  • The team designing the tabletop exercise should consider performing a “dry run,” overseen by capable peers, to validate logic, pacing, and resources.

Ultimately, the most important element of a tabletop exercise is a comprehensive debrief with participants that includes the formulation and delegation of post-exercise actions, and expected results with individual deadlines. Resolution of all post-exercise actions should be carefully monitored by management to help ensure an effective and efficient enhancement process. One of these actions will always include the updating of current incident management plans to eliminate or minimize vulnerabilities identified by the tabletop exercise.

Enterprise Security Risk Management

Kroll’s Enterprise Security Risk Management practice provides expert guidance and advisory services to our global clientele as they navigate the most challenging and emerging security and threat-related issues.