Tabletop Exercises and Examples for Faculty

Disgruntled Graduate Student

This Tabletop Exercise, along with additional information and forms, can be found in PDF format here.

Exercise

Exercise Objectives

This exercise was designed to focus on the following objectives:

  • Identify options to assist students who are in a fragile emotional state,
  • Identify potential weaknesses in a group’s disaster recovery (DR) ability, and
  • Develop communication plans and access controls to mitigate rouge actors.

Incident Notification

Towards the end of a semester you receive news, directly or indirectly, that a current Graduate Student in your lab has received a poor mark on an exam. The student attributes the bad mark to you personally, having been required to work long hours in the lab the week before the exam. This student is a key member of your lab and helps to lead several experiments and manages your lab’s data server. Objectively, a single poor mark is not a major issue, but the student is taking the grade personally.

Inject #1

You meet with the student in your office. As you try to understand what is going on, it becomes clear that the student is angry about their grade, and blames you personally.

Based on the information introduced in Inject #1, discuss potential issues and key concepts that arise from this Inject. Then, identify additional decisions, communication flows, questions, and/or resources that would need to be addressed. The questions below are provided to help guide the discussion around general key points. However, these questions are not intended to define a rigid list of concerns that need to be addressed, nor will all of them be applicable to your individual situation.

  1. How would you respond to the student’s concerns? What tools do you have personally to try and deescalate the situation? What tools do you have to differentiate the level of risk of the student?

  2. What resources are available to the student at your institution that you could provide to them? Who could you call to provide you assistance with the student in this situation?

  3. Who should you contact, if anyone, within your group, department, institution, etc. to bring this situation to their attention? Is there any coordination that they would expect from you?

  4. Do you have any obligations to report the students conduct or behavior to your institution by law or policy? If so, who would you need to contact?

Inject #2

Despite your best efforts, the graduate student is still very upset and decides to not sit for any other exams for the semester. As the semester draws to a close, you no longer see the student anymore in your lab. You find out that due to the poor marks, the student is being removed from their academic program. You hear that the student intends to leave at the end of the week to go back to their home country to avoid visa issues.

Based on the information introduced in Inject #2, discuss potential issues and key concepts that arise from this Inject. Then, identify additional decisions, communication flows, questions, and/or resources that would need to be addressed. The questions below are provided to help guide the discussion around general key points. However, these questions are not intended to define a rigid list of concerns that need to be addressed, nor will all of them be applicable to your individual situation.

  1. What information should you gather from the outgoing student? Do you need, or want, to conduct an exit interview to better understand and learn from the situation?
  2. What documentation, if any, of the work the student was conducting in the lab would be helpful to have for continuity purposes?
  3. Do you have any obligations or need to allow the student to continue to access the lab after they leave? If so, what actions need to be taken to retain that access?
  4. Who should you contact, if anyone, within your group, department, institution, etc. to bring this situation to their attention? Is there any coordination that they would expect from you?

Inject #3

If in Inject #2 you revoked the graduate students’ access to the data server, you may skip this section. The now former student flies out on a Sunday back to their home country. The next morning, you receive several frantic emails from members of the lab. No one can access the data server for the lab, upon inspection the data server has been wiped.

Based on the information introduced in Inject #3, discuss potential issues and key concepts that arise from this Inject. Then, identify additional decisions, communication flows, questions, and/or resources that would need to be addressed. The questions below are provided to help guide the discussion around general key points. However, these questions are not intended to define a rigid list of concerns that need to be addressed, nor will all of them be applicable to your individual situation.

  1. What options do you have to recover the data? How long might this recovery take (such as time to get the data to you, time to reformat the server, etc.)? How expensive would the recovery be (such as shipping a drive, AWS Egress, etc.)? Who would you need to reach out to for assistance with data recovery?
  2. What research are you able to conduct without the data server?
  3. Do you have any obligations to report this event to funding agencies and/or co-PI’s? If so, who do you need to reach out to and by what means?
  4. Do you have any obligations to report this event to law enforcement and/or Information Security Office (ISO)? If so, who do you need to reach out to and by what means? Will you be able to immediately begin rebuilding or will they need to have access to your devices for investigative purposes (such as forensic analysis)?
  5. Who should you contact, if anyone, within your group, department, institution, etc. to bring this situation to their attention? Is there any coordination that they would expect from you?

Inject #4

If in Inject #2 you revoked the graduate student’s access to the backup solution, or if you do not currently have a backup solution, you may skip this section. In a frantic search, you go to check your file backup solution. However, you find that the backups have been wiped and you are unable to access any of the files. It appears that your former student destroyed the copies on your backup solution at the same time as the original copy in the lab.

Based on the information introduced in Inject #4, discuss potential issues and key concepts that arise from this Inject. Then, identify additional decisions, communication flows, questions, and/or resources that would need to be addressed. The questions below are provided to help guide the discussion around general key points. However, these questions are not intended to define a rigid list of concerns that need to be addressed, nor will all of them be applicable to your individual situation.

  1. Do you have additional data recovery options? Were copies kept in a snapshot system (such as file system based snapshots, snapshots managed by a third party, etc.) that could be leveraged to recover the data? If so, how long will the snapshots be preserved for you to leverage?
  2. Is it possible to recover some or all of your data from an immutable source, such as a CD/DVD or Tape? Would a research partner have a copy of some or all of your research data?
  3. Do you have any obligations to report this event to funding agencies and/or co-PI’s? If so, who do you need to reach out to and by what means?
  4. Do you have any obligations to report this event to law enforcement and/or Information Security Office (ISO)? If so, who do you need to reach out to and by what means? Will you be able to immediately begin rebuilding or will they need to have access to your devices for investigative purposes (such as forensic analysis)?
  5. Who should you contact, if anyone, within your group, department, institution, etc. to bring this situation to their attention? Is there any coordination that they would expect from you?

Inject #5

If in Inject #2 you revoked the graduate student’s access to your computing systems, you may skip this section. Having now discovered that all of the data is gone, you try to determine if any local copies of data might have been kept on the desktops in the lab. As you begin to do this, you realize that each of the desktops have been wiped. This is when you remember that you provided your former student with access to the desktop administrative accounts in order to mount the lab file server. You have now lost all of your data and all of the custom configurations that were required to conduct your research.

Based on the information introduced in Inject #5, discuss potential issues and key concepts that arise from this Inject. Then, identify additional decisions, communication flows, questions, and/or resources that would need to be addressed. The questions below are provided to help guide the discussion around general key points. However, these questions are not intended to define a rigid list of concerns that need to be addressed, nor will all of them be applicable to your individual situation.

  1. What research are you able to conduct without the computing systems in your lab?
  2. Do any provisioning scripts exist to reinstall the systems? If so, how long will the provisioning take?
  3. Are there resources within your group, department, institution, etc. that could be leveraged to assist in rebuilding (such as a central IT group)? If so, who would you need to contact and what cost in charge-backs, if any, would be levied?
  4. Do you have any obligations to report this event to funding agencies and/or co-PI’s? If so, who do you need to reach out to and by what means?
  5. Do you have any obligations to report this event to law enforcement and/or Information Security Office (ISO)? If so, who do you need to reach out to and by what means? Will you be able to immediately begin rebuilding or will they need to have access to your devices for investigative purposes (such as forensic analysis)?
  6. Who should you contact, if anyone, within your group, department, institution, etc. to bring this situation to their attention? Is there any coordination that they would expect from you?

Hot Wash

Questions to Consider

  • Based on your discussions, what should happen in a best case scenario?
  • Based on your discussions, what would happen if this event took place tomorrow?
  • Having both of these discussions in mind, what difference exists between your current preparedness level and the best case preparedness level?
  • Having completed the exercise, what went well that you would continue in the future? In what areas were you unprepared? What would you stop doing to improve your outcome? What can you start doing today to improve your outcome in a future exercise or real event?
  • If you did not have a plan for this situation, what are your action items and timeline to create one? If you did have a plan, what are your action items and timeline to update it?
  • When will we conduct this exercise again?