TABLETOP EXERCISE AFTER ACTION REVIEW SANITIZED VERSION Name

TABLETOP EXERCISE – AFTER ACTION REVIEW SANITIZED VERSION Name May 8, 2015

AFTER ACTION REVIEW (AAR) 1. Did the exercise meet your expectations? If not, please explain. 2. What did you like best about the exercise? 3. What did you like least about the exercise overall? 4. Please provide any recommendations on how this exercise or future exercises could be improved or enhanced. Looking Ahead • Lessons learned from this TTX: ‒ Continue doing… ‒ Stop doing… ‒ Start doing… THE XYZ COMPANY 2

ASSESSMENT FACTOR 1. The exercise was well structured and organized. Category 1 0 Category 2 0 Category 3 0 9 Category 4 6 Category 5 0 2 4 6 8 10 Series 1 THE XYZ COMPANY 3

ASSESSMENT FACTOR 2. The multimedia presentation helped the participants understand become engaged in the scenario. Category 1 0 Category 2 0 Category 3 0 5 Category 4 10 Category 5 0 2 4 6 8 10 12 Series 1 THE XYZ COMPANY 4

ASSESSMENT FACTOR 3. The exercise helped my organization achieve it’s objective. Category 1 0 Category 2 0 Category 3 0 10 Category 4 5 Category 5 0 2 4 6 8 10 12 Series 1 THE XYZ COMPANY 5

ASSESSMENT FACTOR 4. The exercise met my expectations. Category 1 0 Category 2 0 Category 3 0 During the Hot Wash / After Action Review (AAR): • Did TTX present too much information: 0 • Was the information provided just right: 12 (affirmed) • Did TTX not present enough information: 5 (affirmed) 9 Category 4 6 Category 5 0 2 4 6 8 10 Series 1 THE XYZ COMPANY 6

ASSESSMENT FACTOR 5. The Cyber-Incident Tabletop Exercise was worth my time. Category 1 0 Category 2 0 Category 3 0 6 Category 4 9 Category 5 0 2 4 6 8 10 Series 1 THE XYZ COMPANY 7

ASSESSMENT QUESTIONS 1. Did the exercise meet your expectations? If not, please explain. • Presentation was excellent. • Went through slides too quickly at the beginning; may be the time limit of the exercise. • Time. Possibly expand the exercise to multiple days – a few hours each day. THE XYZ COMPANY 8

ASSESSMENT QUESTIONS 2. What did you like best about the exercise? • Learning more about the departments in the company and how they are affected by a Cyber Incident. • Input from all participants. • Great cross-functional collaboration. • Listening to IT--Department speak about issues and resolutions. • Exchange of ideas, communications, better understanding of the issue. • Learning different areas’ needs and how they are impacted. • Learning about data backup. • Good topic THE XYZ COMPANY 9

ASSESSMENT QUESTIONS (CONTINUED) 2. What did you like best about the exercise? (Continued) • Communication. • Recognizing how far-reaching this is beyond the IT Department. • Helpful interconnection between communication and what operations and internal audiences it can effect. • Cross function helpful to understand how event impacts all sides of our business. • Comfort in knowing data dumps are made every 12 hours. • Curiosity about impact event would have on customer service. • Know what to communicate and when to communicate it is key. • Limit the number of folks involved and have only key folks involved that would have the answers, solutions, suggestions. THE XYZ COMPANY 10

ASSESSMENT QUESTIONS (CONTINUED) 2. What did you like best about the exercise? (Continued) • Use floor captains to communicate the same message when the time is right. • Brought awareness of how it affects you personally and also your job. • If communication isn’t clear and consistent, back lash will happen. • Timely topic; good opportunity to communicate and see big picture. THE XYZ COMPANY 11

ASSESSMENT QUESTIONS 3. What did you like least about the exercise overall? • Timing…More time was needed. • Need more time in beginning to go over slides. • Needed more detail as to what functions were specifically affected in XYZ. THE XYZ COMPANY 12

ASSESSMENT QUESTIONS 4. Please provide any recommendations on how this exercise or future exercises could be improved or enhanced. • How it effects our personal lives. • More time, it felt rushed. • Let us know whether or not lunch will be provided. • I would have liked to hear more from IT Department. • More specifics in the scenario to better communicate the right message. • Timeline more realistic therefore able to give more realistic responses • Stage the exercise to have people in multiple places because when it happens, it may not be during working hours and everyone can gather in one place. • Where to go and what to do if this was a real event. • Direct folks to the Share. Point site. THE XYZ COMPANY 13

Q&A Individual A | Crisis Management XYZ Company 000 Street | Saint Louis, MO 63101 Individual. A@XYZ. com Work: 314 -0000 | Work Cell: 314 -0000 14