Login
      Contents x
      Exercise Concepts
      • 16 Jul 2024
      • 3 Minutes to read
      • PDF
      Contents

      Exercise Concepts

      • Updated on 16 Jul 2024
      • 3 Minutes to read
      • PDF
      Article summary

      Exercises

      Exercises are a great way to practice realistic scenarios and improve your skills. Exercises are self-guided and can be conducted individually or in a group setting. An exercise includes the following core components:

      1. Scenario

      2. Attendees

      3. Skills

      4. Retrospectives

      5. Actions & Notes

      6. Reporting

      All exercises work through the same stages:

      1. Not Started—A scenario has been selected but not committed for exercising yet

      2. In Progress—A scenario is currently being exercised

      During this stage, you’ll move through the scenario and respond to various questions. You’ll note responses to each question, or take overall notes using the Exercise Notepad.

      1. Exercised—A scenario has been exercised and is ready to be retrospected

      2. Retrospecting—A completed exercise is being reviewed

      During this stage, you’ll record retrospective notes on each part of the exercise. From the Response maturity level dropdown, you will assess the maturity of your response using the COBIT-19 maturity scale and assign it a score.

      1. Retrospected—A retrospective has been completed and an Exercise Report is available

      If you would like Red Canary to facilitate an exercise with your team and conduct the retrospective, please reach out to your Customer Success Manager to learn more about Red Canary Facilitated Exercises.

      Scenarios

      Scenarios describe realistic situations you want to be ready for. They can be relevant to specific user personas, threat types, exercise durations, and categories. Each scenario has the following traits:

      • Scenario Description

      • Estimated Duration

      • Category

        • Cybersecurity—Scenarios that help prepare your organization for top threats and types of security incidents by exercising critical response skills, processes, and playbooks

        • Cybersecurity > Atomic Red Team (ATT&CK)—A subcategory of cybersecurity scenarios that are specifically focused on exercising atomic tests to validate and improve technical controls

        • Business Continuity—Scenarios that map broadly to incidents and threats outside the realm of cybersecurity, but often impact cybersecurity or technical operations (i.e., natural disasters, physical security breaches, pandemic disruptions, etc.)

      • Attendee Personas or Roles that the scenario involves, including roles like Security Operations, Executive (CXO), Legal, Communications, and more

      • Intelligence & Threat Mappings (ATT&CK, Adversary Profiles, etc.)
        blobid0.png

      To further explore...

      • Explore scenarios that you’d typically conduct as a tabletop with your larger team

      • Explore scenarios that prepare you for real-world adversary groups that Red Canary saw trending during our most recent Threat Detection Report

      Skills

      Skills are the atomic building blocks that make up each scenario. Skills most often map to the National Institute of Standards and Technology (NIST)’s recommended incident response phases. The phase includes:

      1. Preparation

      2. Detection & Analysis

      3. Containment

      4. Eradication & Recovery

      5. Post-Incident Activity

      Every skill includes a specific set of relevant discussion points. These discussion points are how you exercise, evaluate, and improve your capabilities to perform that specific skill.

      Retrospectives

      Red Canary helps you conduct a great retrospective and continuously improve. The goal of every great retrospective is to ask:

      • What worked well that we should repeat?

      • What could we do more or less of?

      • What action items will we prioritize?

      You will be asked to record any notes you have about each topic in the scenario. It is preferable to request diverse feedback from the team on what went well and what did not.

      You’ll also be asked to assess the maturity of your team’s response. Red Canary employs the COBIT-19 maturity scale, which provides a consistent method of determining your level of maturity. If you are unfamiliar with COBIT-19, don't be concerned if you give yourself many 3's — this is entirely normal! The assessment aims to help you understand where you might want to invest more in the future.
      maturity level.png

      Actions

      Actions frequently arise during an exercise or its retrospective. Recording those actions and completing them is critical to improving your readiness. These actions are commonly associated with specific gaps or areas for improvement in your response processes that you identify when running the scenario.

      Learn how to Create and Manage Actions here.

      Reporting

      Once you have completed and retrospected an exercise, you can print or export the exercise’s report, similar to the information you’d get from a tabletop facilitator. This report will outline all critical details associated with the exercise. Click here to learn more about how to export a report.
      Print.png

      Was this article helpful?
      What's Next
      PRODUCTS
      USE RED CANARY
      SUPPORT
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout