The Master Scenario Events List (MSEL) comes from the NIST Special Publication 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. This standard details all of the aspects of creating, running, and debriefing after a tabletop exercise. The most important part of a tabletop will be the planning—identifying the audience, defining the objectives, and creating a realistic scenario will all help maximize the organization's cybersecurity potential by improving their security incident response plans, identifying potential weaknesses or gaps in controls, and preparing individuals for playing their respective roles during an incident.

• The Master Scenario Events List is a timeline of the scripted events to be injected into exercise play by a moderator to generate participant activity based on the objectives identified by the organizers. This script ensures that necessary events happen to generate discussion of policies, procedures, and plans and to help identify weaknesses based on real-world conditions. The MSEL should be used to track participant responses to injects and deviations from expected behaviors and to help reinforce the learning points associated with those actions.
• Objective 1—Can the team avoid a disruption to operations during an incident?
•  Objective 2—Can the team tell the difference between a real issue and a false positive?
•  Objective 3—Identify any gaps in technology controls, ...