Strategic Cybersecurity Exercise Methodology
Our Strategic Cybersecurity Exercise Methodology utilizes a Work Package Approach that covers 7 Key Topics in order to successfully prepare and conduct a strategic cybersecurity exercise.
The Work Packages serve as milestones of the lifecycle of an Exercise from start to finish, whilst the Key Topics provide a structure for critical components in preparing an Exercise:
- Key Topic 1: Identification of Needs and Limitations
- Key Topic 2: Objectives of the Exercise
- Key Topic 3: Assessment and Benchmarking Methodology
- Key Topic 4: Customization Requirements
- Key Topic 5: Target Audience
- Key Topic 6: Threat Vectors
- Key Topic 7: Working Groups
Our Strategic Cybersecurity Exercise Methodology takes into account 7 primary Key Topics in order to successfully prepare and conduct a strategic cybersecurity exercise.
The Work Package Approach
Work Package 1: Preparation
Work Package 1 deals with preparatory activities of the exercise, including coverage of all 7 key topics and creation of the training materials.
Work Package 2: Conduct
Work Package 2 deals with the set-up and conduct of the exercise event including moderation and facilitation, usage of software tools and data collection.
Work Package 3: Analysis
Work Package 3 deals with after-action activities of the exercise, primarily focused on the dissemination of data, identification of key outcomes and lessons learned as well as creation of the exercise report.
Key Topics
The goal of the Key Topics is to dissect the entirety of the exercise into tangible and actionable pillars that provide the baseline input for exercise preparations. As the exercise scenario is designed as bespoke, certain particularities related to the context and content need to be clarified in order to deliver the most applicable training materials
Identification of Needs and Limitations
The first key topic focuses on identifying any needs and limitations that might arise related to the conduct of the exercise such as restrictions and sensitivities.
Objectives of the Exercise
The second key topic focuses on the objectives of the exercise and their validation against the particular target audience. Objectives might include raising awareness, enhancing information sharing and increasing cooperation, identifying shortcomings, developing specific capabilities or regular general practise.
Assessment and Benchmarking Methodology
The third key topic focuses on fixation of the measurable outcomes of the exercise. Of significant importance is the introduction of a comprehensive, measurable model that allows for clear assessment of participant inputs by the exercise management team. Furthermore, attributability of responses, clarity of assessment metrics are to be confirmed.
Customization Requirements
The fourth key topic focuses on the creation of the exercise content and its customization. Geographical and cultural localization, context adoption of the target audience and creation and modification of key actors and events is covered and validated for a more engaging and relatable training experience.
Target Audience
The fifth key topic focuses on the definition of the target audience to define the level of expertise required and detail of discussions to be had during the conduct of the exercise. A balanced list of participants attains that all of the critical areas of the scenario topics are covered.
Threat Vectors
The sixth key topic focuses on the threat vectors of the exercise scenario. As the exercise is structured to familiarize participants with particular threats and challenges, it is imperative that the posed threats are relevant, realistic, possible and manageable for the target audience. Furthermore, it is crucial to define the exercise scenario to be an escalation of consecutive cyber-attacks or a sequential installation of several different engagements.
Working Groups
The seventh key topic focuses on the organization of the target audience into possible separate working groups depending on the roles, responsibilities and functions of the participants as well as the exercise objectives and desired outcomes.