This guide includes considerations to take into account before scheduling an exercise and is separated into the following sections:
Exercise types: Which type do I choose?
We have three different exercise types available: single player, drill, and presentation:
Single Player and Drill exercises both allow for asynchronous events, which means participants can complete the exercise in their own time, at their leisure, or in an assigned time period.
Presentation exercises allow for facilitated events. The exercise must be run by a host and can be presented to an unlimited number of people, who need to take part in the exercise at the same time.
Below, find more information on the exercise types, including their benefits and limitations. It's important to select the exercise type that supports your exercise objectives.
Single Player
This exercise allows participants to complete it in their own time, working in isolation and making individual choices.
Benefits of setting up this type of exercise include:
- testing a participant's end-to-end crisis response
- understanding how different members of your team respond to situations
- analyzing an individual's choices and justifications
- obtaining completion metrics
Drill
A Drill assigns individuals specific roles to see how they'd come together as a team in a crisis - multiple participants complete one exercise, individually, in their own time. Individuals only participate in injects (decision points) that are relevant to the role assigned to them.
You can only assign one user per role, but the same user can be assigned multiple roles.
Choose this exercise to:
- assign participants specific roles
- test communication between team members
- test response times
- highlight skill gaps
- improve cohesion
Presentation
This is the exercise type to use during a presentation or with an audience. Use the Presentation exercise type to facilitate an exercise remotely, using video-conferencing tools, or even in-person. Participants will be able to vote for the best course of action to take in a crisis, as the storyline unfolds.
Benefits of using Presentation include:
- Anyone can be invited to participate
- Ideal for large groups of participants - key learning delivered at once
- The facilitator can guide the group's direction through the narrative, highlight key learning and spark debate.
Limitations:
- no individual metrics for users
- requires participants to be available at the same time (perhaps less useful for teams across different time zones)
Choosing a scenario
Industry sector, attack vector, threat actor
When choosing a scenario for your exercise, you should consider the industry sector your organization is operating in, as well as the type of attack or threat actor to which you want to expose your participants.
We've included some filters on the left-hand side to help you browse scenarios by industry sector, attack vector or threat actor.
Note: Some scenarios are not compatible with Drill, which is why we have an 'Exercise Compatibility' filter available within the scenario catalog.
You can find a description of some of our most popular attack vectors below:
- Insider threat - malicious or accidental action by an employee causing a security incident.
- Ransomware attack - designed for any user at any organization, these scenarios provide an overview of the challenges in cybersecurity by providing the basics of how threats work and fundamental cyber terminology and technology.
- Unauthorized access - access to systems, accounts, and data by an unauthorized person (internal or external). For example, illegitimate access to someone's email or account.
- Supply chain compromise - the manipulation of products or delivery mechanisms for the purpose of information or system compromise before they are received by the final consumer. This compromise can negatively impact any hardware or software component and even update channels.
- Phishing - users are tricked into selecting malicious links in seemingly official communications, such as email and text messages, sent by attackers.
- Targeted attack - a specific business is targeted by a sophisticated attacker (often encompassing several of the above categories).
- Remote working - an attack targeting remote workforces, which has been very common since the pandemic.
Exercise type and format
Consider how you’d run the exercise: asynchronously or as a presentation?
Understand how different scenarios are presented as single-player or presentation exercises.
In the scenario catalog, select the scenario you’re interested in, and then select the preview button. Choose to either preview in single-player mode or to preview in presentation mode. This allows you to see exactly how a scenario appears for participants in each case.
For support in choosing a custom scenario, contact our Support Team or your Customer Success Manager.