5 top tips for conducting a successful Cyber Exercise
Be clear about the objectives for the exercise, and what it is trying to test. If you do this, and build the exercise around the objectives, it is much more likely to be successful. This is the starting point for any exercise. Ask the question, “what am I trying to achieve and why?” This then means you can measure the success of the exercise afterwards.
Set out ground rules at the start of the exercise – all players must be clear what is in and out of scope for the exercise, how to interact with each other, and that they all have the same level of commitment to the exercise. This will prevent misunderstandings and confusion once the exercise starts.
Use scenarios that are appropriate for the exercising audience – threat intelligence or information sharing platforms such as CISP are great for building realistic scenarios for the exercising team, based on real world incidents. The scenario also needs to include business impact – so analysing and understanding the business is key, to add business context to the exercise.
Create a narrative – people remember stories (which is why exercising is great), so a strong narrative running throughout the exercise will help participants (and those the exercise findings are reported to) remember what they found, and communicate it to others in an interesting way.
Have an independent observer to facilitate, record lessons identified and analyse interactions between players. This will ensure the learning that takes place during the exercises is captured, and can be acted upon – without which why are you running the exercise to start with?!