15 Minute Tabletop:
Email Account Compromise?
About 15 Minute Exercises
This exercise was developed by the MiSecure team for school districts to enhance their preparedness for cybersecurity events and incidents.
This presentation is customizable and includes template exercise objectives, scenarios, and discussion questions as well as a collection of references and resources. While this exercise can be used as-is, it can and should be customized to be more realistic for your organization. For example, you can name systems that you operate and department or team names that are specific to your organization.
License Note: This presentation is shared under Creative Commons Licensing CCBY https://creativecommons.org/licenses/by/4.0/.
If you are a school district in Michigan and need assistance running a tabletop exercise, reach out to the MISecure team.
We strongly recommend that you develop a cybersecurity incident response plan prior to running tabletop exercises. For a starting point, try the MiSecure Incident Response Planning templates (https://misecure.org/incident-response-planning-tools/)
Facilitator Notes
Focused Scope: Because the time is limited to 15–30 minutes, keep the discussion narrow. Don't try to solve the entire incident; focus on the first steps the team would take or the primary communication hurdle.
Exercise Goal | Key Participants | Length | Incident Severity |
Walk through response to a potential email account compromise reported to you from another organization. | Tech Team/�Cyber Incident Response Team | 15-30 minutes | Medium |
Email Account Compromise?
A nearby school district calls to inform you that they received a malicious email from an elementary teacher at your domain/district. They provide the email headers, username/email address and email timestamps of 6 messages.
Email Account Compromise?
A nearby school district calls to inform you that they received a malicious email from an elementary teacher at your domain/district. They provide the email headers, username/email address and email timestamps of 6 messages.
Discussion:
Check Your Work
Hotwash
MISecure Incident Response Planning Tools
MISecure Cybersecurity Tabletop Exercise Library
Full TTX Library at: https://misecure.org/tabletop-exercises/
Michigan Incident Response Contacts
For School Districts in Michigan:
MISecure Operations Center �989-763-5797 �misecure@gomaisa.org
For School Districts and other entities in Michigan:
Michigan State Police Cyber Command Center �877-MI-CYBER �mc3@michigan.gov