During an audit as a third party security consultant you are told that the organization being audited conducts an exercise annually during which prominent IT staff and the security team gather in a meeting room and discuss how they would handle various security incidents and disaster scenarios. This exercise is then used to update any policies and playbooks. What type of exercise are they describing?
|Attacks, Threats, and Vulnerabilities|
|Architecture and Design|
|Operations and Incident Response|
|Governance, Risk, and Compliance|