Cybersecurity Exercises

Conducting exercises to test your Incident Response Plan is an integral part of preparing your organization for a cyberattack.

Discussion-based Exercises

Discussions-based Exercises familiarize participants with current plans, policies, agreements, and procedures, or may be used to develop new plans, policies, agreements, and procedures. Discussion-based Exercises include the following:

  • Seminar: A seminar is an informal discussion, designed to orient participants to new or updated plans, policies, or procedures (e.g., a seminar to review a new Evacuation Standard Operating Procedure).
     
  • Workshop:  A workshop resembles a seminar, but is employed to build specific products, such as a draft plan or policy (e.g., a Training and Exercise Plan Workshop is used to develop a Multi-year Training and Exercise Plan).
     
  • Tabletop Exercise (TTX): A tabletop exercise involves key personnel discussing simulated scenarios in an informal setting. TTXs can be used to assess plans, policies, and procedures.
     
  • Games: A game is a simulation of operations that often involves two or more teams, usually in a competitive environment, using rules, data, and procedure designed to depict an actual or assumed real-life situation.

Operations-based Exercises

Operations-based Exercises validate plans, policies, agreements, and procedures, clarify roles and responsibilities, and identify resource gaps in an organization.  Operations-based exercises include the following:

  • Drill: A drill is a coordinated, supervised activity usually employed to test a single, specific operation or function within a single entity (e.g., a fire department conducts a decontamination drill).

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.