Incident Response & Continuity Exercising Simulations

Overview

We Build Human Resilience

Designing crisis management plans and playbooks is a good start to building a business continuity programme. What comes after having written that plan, however, often gets neglected.

Time will tell how people work together when a crisis strikes: you can build and test your tech defences, but do you know how your crisis team members will work together when the pressure is high?

We Prepare Your Crisis Team

Our mission is to help our clients prepare to better handle business disruptions, like cyber incidents. We do this by running incident simulation exercises with them, analysing their responses and team dynamics under stress, and selecting the most suitable learning programme for them to make improvements.

Resilience Dojo Exercising and Learning Programmes were created by our interdisciplinary team. All our scenarios and learning modules are based on the expertise of our team members, and informed by the latest research in organisational psychology, good practice in risk management and crisis communications.

We have built our immersive exercise scenarios and learning modules for various target audiences, helping you arm your team members with the skills they need to manage a crisis effectively.

Exercise Scenarios (see below)
  • MoneySafe Ransomware
  • MoneySafe DeepFake Crisis
  • SafeCom 2FA Fraud
  • AWU Supply Chain
  • AWU - OT / IT
  • Trusted Foods Safety
  • City of Londonia Police

Prerequisites

There are no prerequisites.

Learning Outcomes

To get started with the Resilience Dojo Exercising and Learning Programme, all you have to do is answer a few questions about your team and requirements, so we can recommend the right scenario for your baseline exercise.

The baseline exercise is typically a facilitated crisis simulation exercise, delivered through the Resilience Dojo Exercising Platform. Our ready-made scenarios were designed by risk management and organisational psychology experts and reflect different industry threat landscapes: for instance banking, critical national infrastructure, and production environments.

CyberFish facilitators will observe team dynamics and the risk management decision paths taken by the team members. These will be summarised in an Executive Summary that you can use to build a roadmap of improvements for the crisis management function. The report can also be used for ISO 27001 or 22301 audits as proof of having exercised the competencies of crisis management team members.

The next step will be putting together your tailored self-paced automated learning modules, designed to focus on areas highlighted in the Executive Summary: addressing skills gaps that can make your team more effective when responding to real-life crises.

Outline

CyberFish offer facilitated and self-paced Exercising and Learning modules for the wider crisis management team via our Resilience Dojo Platform.

Making Teams Crisis-Ready - The Exercise Scenario Library

1. Exercise Scenario - MoneySafe Ransomware

This scenario focuses on the experience of MoneySafe Bank, as it is targeted by a developing malicious ransomware cyber-attack. The attack impacts the investment banking branch first before spreading to the retail and corporate parts of the business. Playing the scenario, delegates will address a number of events and will be taken through technical, organisational and professional challenges. Players will take on the role of the Bank's Incident Response Team.

They will be expected to make key assessments, decisions and recommendations over the course of the incidents as the attack intensifies across the Bank, managing the demands of the panicked clients, the public and media, financial regulators and data protection authorities, investigatory authorities and international information-sharing networks among other challenges.

Play time:
  • Full Exercise: 4 hours (Facilitated)
  • Basic Challenges: 90 mins (Automated)
Technical Maturity:
  • Medium
Recommended Delegates:
  • Crisis Management Teams and Comms Teams
Competencies Exercised:
  • IR process (NIST), Data Protection (GDPR), Ransomware Playbooks, Crisis Communications, Debriefing Senior Stakeholders and Media Representatives

2. Exercise Scenario - MoneySafe DeepFake Crisis

This scenario focuses on the experience of MoneySafe Bank, as it becomes the victim of a complex disinformation and misinformation attack. The incident involves the deliberate spread of both mis- and disinformation across social media to damage the reputation of the company and undermine the legitimacy of its CEO. The incident subsequently includes a deepfake video (a synthetic, machine-generated video), which is released online; the issue immediately becomes more serious and the impact on the company more consequential.

Delegates will practise responding to mis- and disinformation attacks so they can combat future ones, and learn how to safeguard the reputation of the business following an incident.

Play time:
  • Full Exercise: 4 hours (Facilitated)
  • Basic Challenges: 90 mins (Automated)
Technical Maturity:
  • Medium
Recommended Delegates:
  • Financial Sector & Government
Competencies Exercised:
  • RESIST 2 Counter Disinformation Framework, Data Protection (GDPR), Crisis Communications, Decision Making, Stakeholder Management, Wider Impact of Dis/Misinformation Attacks

3. Exercise Scenario - SafeCom 2FA Fraud

The scenario is set in a fictitious country, Ambrosia, where SafeCom are the main telecommunications provider. SafeCom recently became majority-owned by a global telco, headquartered in Denver, Americas. This scenario's challenges focus on the experience of SafeCom as it is targeted by an advanced cybercrime group: they have managed to get access to a part of the carrier's network signalling equipment.

The local banks in Ambrosia rely on SMS as a 2FA tool in their security processes... Delegates will take on the role of SafeCom's Board (minus an absent CEO). The technical challenges are amplified by widely publicised news of cybercrime nearly claiming the life of Amina, a local restaurant owner in Ambrosia, who is claiming that she had been a victim of banking fraud.

Play time:
  • Full Exercise: 4 hours (Facilitated)
  • Basic Challenges: 90 mins (Automated)
Technical Maturity:
  • Medium
Recommended Delegates:
  • Financial Sector & Telco
Competencies Exercised:
  • IR process, Supply Chain (NIST), Leadership, Crisis Comms, Statements, Regulatory Issues, Decision Making, Business & Societal Impact of Cyber Attacks

4. Exercise Scenario - AWU Supply Chain

The exercise takes participants back to Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their 'greening' programme. Playing the previous AWU exercise is not a prerequisite to understanding this game. This exercise challenges cross-functional business understanding, and recognition of internal team / supply chain challenges from different perspectives. Participating will foster cross-functional business understanding between teams and help to develop a shared language for crisis management decision-making and comms between IT and commercial teams.

Delegates will take the role of Board members at AWU, and the objective of the exercise will be to arrive at mutually acceptable ways of co-operating and to experience pressures from different perspectives revolving around a supply chain & contract breach.

Play time:
  • Full Exercise: 4 hours (Facilitated)
  • Basic Challenges: 90 mins (Automated)
Technical Maturity:
  • Low to Medium
Recommended Delegates:
  • Supply Chain Partners and Different Organisational Units to Play Together
Competencies Exercised:
  • Cross-Functional Co-Operation, Regulatory Compliance (NIS, DWI, NIST), Crisis Comms, Decision-Making (Strategic and Tactical) & Business Implications

5. Exercise Scenario - AWU - OT / IT

The incident plays out in a private UK water company, Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their 'greening' programme. The management of the US company don't see water as a major part of the Group's revenue or value... The water company has an IT estate and an OT estate. There are barriers between these estates, for security and monitoring purposes, but many years of nothing going seriously wrong has allowed some OT-side monitoring computers to have direct connections to management systems in the IT estate...

Delegates will take the role of Board members at AWU and will be making decisions responding to the technical incursion. They will have to take into account the risks to the public, health and reputation of the company, and the public's expectations, whilst defending the business interests and reputation of their parent company.

Play time:
  • Full Exercise: 4 hours (Facilitated)
  • Basic Challenges: 90 mins (Automated)
Technical Maturity:
  • Medium to High
Recommended Delegates:
  • Critical National Infrastructure
Competencies Exercised:
  • Regulatory Compliance (NIS, DWI, NIST), Cyber Security Strategy, Crisis Comms, Press Conference Practice, Decision-Making

6. Exercise Scenario - Trusted Foods Safety

Could eco-warriors manage to get access to the internal OT network of a food producer's mill operations, and adjust the ingredients going into organic food production? Or is an insider behind the evolving attack at Trusted Foods? An exercise geared towards production environments in the food supply chain and/or FMCG IR teams. Delegates will be taking the role of the Incident Response team at Trusted Foods Ltd., as it is targeted by a global environmental movement, which seems to have gained access to confidential information from the company networks.

Participants will be challenged across different areas, such as customer safety issues, working with regulators and making key decisions as they progress through the different stages of the evolving attack.

Play time:
  • Full Exercise: 4 hours (Facilitated)
  • Basic Challenges: 90 mins (Automated)
Technical Maturity:
  • Medium
Recommended Delegates:
  • Crisis Management Team, Comms Team, Quality Assurance Teams in FMCG Production
Competencies Exercised:
  • Cross-Functional Co-Operation, Regulatory Compliance, Crisis Comms, Decision-Making, Customer Relationships Management, Food Supply Chain and Foods Safety

7. Exercise Scenario - City of Londonia Police

This scenario focuses on an APT attack against a nation-state (United Queendom, capital city Londonia). Participants will assume the role of the new Head of Security Operations of the National Cyber Security Centre and will be tasked with reacting to, responding to, and mitigating a series of escalating cyber and cyber-physical threats. The attack culminates with malicious activity targeting the nation's central police databases. Several cyber security incidents are covered in the scenario, such as a DDoS attack, VPN vulnerabilities, business email compromise fraud, malware and data theft.

Other challenges and decision points

Enquire

Start date: No fixed date
Location / delivery: United Kingdom
01132207150
