A war game simulates a prolonged and persistent cyber-attack in several multifaceted phases and challenges the various responses, methods, teams, and decision-makers to cope with complex scenarios.
The war game is designed to examine how your organization responds to realistic simulated cyber crises; how it enacts & adapts business continuity plans, how appropriate your contingency plans are, and under which conditions they are more likely to fail.
The war game tests and monitors technology, processes, and procedures, through the phases of identification, defense, response, and recovery to an attack in depth.
War games test resilience, and build capability.
It is increasingly apparent that static security measures provide inadequate defense against sophisticated attacks, and organizations need to build confidence in their ability to recover rapidly, and resume normal operations.
The ability to resist, react, and manage such attacks requires an effective combination of technology processes and managerial procedures. Common failings in response to cyber-attack are found among different staff teams in their situational analysis, decision making, communication, and working practices during a crisis.
It is therefore important to elevate the organization’s knowledge, capabilities, understanding, and awareness by simulating a process that enables learning under real-world conditions that war games provide.
After the event there is a debrief workshop which includes a full analysis of the war game, review of different groups’ performance and self-assessment, reporting on the effectiveness of technology and methodologies, and feedback on:
- Situation Awareness
- Crisis Management Practices
- Decision Making and Decision Taking
- Employing Deception Tactics and Methods
- Risk Assessment Methods
- Communications: Internal & External
The workshop concludes by building consensus around a hierarchy of priorities for security, planning, and lessons learned