The NIST cybersecurity framework requires an organisation to identify, protect and detect threats, but also to respond and recover effectively in the event of a cyber incident.
This repository allows you, as the facilitator, to guide your organisation’s top team through the ‘fog of war’ that is often the backdrop to such incidents, to practice their own response and to learn from and address any issues.
You can choose from the distinct open-source exercises provided here: each consists of a full introduction for the facilitator and a number of distinct turns to portray the course of the incident, along with slides and handouts. They support a 2-hour session.
How to Run a Cybersecurity Exercise
The following links give detailed information for the facilitator to argue the case for such exercises. Also a few slides to display ahead of the scenario to set expectations and establish the rules and roles for the session.
1. Q&A for the Facilitator
Details the value of preparation, how to prepare for the ‘unknowable’, and the mechanics of running an exercise: how it will work best and how you might tailor for your organisation.
2. Setting the Scene for your top team (for all exercises)
PowerPoint slides to insert into the chosen incident. They set expectations and establish the rules and objectives of the session and the roles people will play.
1. Targeted Data Breach – an attacker steals some of the organisation’s data and makes a ransom demand. The data is subsequently maliciously altered and released into the public sphere.
2. DDoS (Distributed Denial of Service) – a targeted and overwhelming volume of orchestrated external traffic overloads online portals causing customers to lose access to the organisation’s systems. The attacker unleashes a number of attacks and demands a ransom to desist.
3. Major Data Breach – a third party notifies us that we may have seen a major loss of data into the public sphere. No ransom demand has been received.
4. Ransomware locks internal systems – (to be added)