Author: Tomáš Hájek
Supervisor: Jan Vykopal
Abstract: Tabletop exercises are very effective for testing procedures for mitigating cybersecurity incidents. However, they have one major drawback: the pen-and-paper format. This thesis explores the potential of using a web application called INJECT Exercise Platform (IXP) as a tool for cybersecurity tabletop exercises. The thesis proposes recommendations for designing, implementing, and facilitating such exercises, which include the design methodology, the learning objectives and activities. This work examines two distinct exercise formats for the IXP. The first is a more automated and technical exercise in the team-based format already used in the IXP. In the second case, I created a design concept for roles, which was used to develop a role-based exercise that showcases the role format. The test runs showed the viability of role-based exercises in the IXP and provided suggestions for improvements to the exercise for IT administrators. The thesis results in two fully functional and tested exercises ready to be deployed in the IXP.