// THREAT DETECTION AND DATA PRIVACY TERM

Exercise

A cybersecurity exercise is a simulated security incident, like a fire drill for cyber attacks, that tests an organization's response plan and team readiness. It's a practice session designed to find and fix weaknesses before a real attack happens.

Exercise — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

A cybersecurity exercise is a structured simulation of a cyber attack scenario, such as a ransomware event or data breach, designed to test and validate an organization's Incident Response (IR) plan, security controls, and the capabilities of its CSIRT/SOC teams. These drills, which include tabletop exercises (TTX), functional tests, and full-scale simulations, assess procedural, technical, and communication readiness to enhance overall cyber resilience.

BACKGROUND

In computer security, Capture the Flag (CTF) is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. They can be used for both competitive or educational purposes. In two main variations of CTFs, participants either steal flags from other participants or from organizers. A mixed competition combines these two styles. Competitions can include hiding flags in hardware devices, they can be both online or in-person, and can be advanced or entry-level. The game is inspired by the traditional outdoor sport with the same name. CTFs are used as a tool for developing and refining cybersecurity skills, making them popular in both professional and academic settings.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • cyber drill
  • wargame
  • simulation
  • tabletop exercise (TTX)
  • red team exercise
  • security drill
  • incident response test

USAGE NOTE

The term's scope varies, from a simple discussion-based tabletop exercise (TTX) to a full-scale, live-action simulation involving opposing red and blue teams.

DEVELOPERS

Organizations developing technology related to Exercise.

  • SimSpace

    Develops a high-fidelity cyber range platform that allows organizations to conduct realistic cybersecurity training, exercises, and security stack testing in a simulated but safe environment.

  • Mandiant (Google Cloud)

    Offers security validation technologies and services, including red team exercises, tabletop exercises, and adversary emulation to test an organization's security controls and incident response capabilities.

  • Immersive Labs

    Provides a platform for hands-on cybersecurity training that includes realistic simulations, crisis scenarios, and team-based exercises to build and measure the cyber skills of an organization's workforce.

  • Cymulate

    A leading provider of Breach and Attack Simulation (BAS) technology. Their platform automates security testing, allowing organizations to continuously run simulated attacks and exercises to validate their security posture.

  • MITRE Corporation

    A not-for-profit organization that develops the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics used to plan and execute cyber exercises. They also develop Caldera, an open-source automated adversary emulation platform.

  • CrowdStrike

    Provides adversary emulation and red teaming services that simulate the tactics, techniques, and procedures (TTPs) of real-world threat actors to rigorously test an organization's detection and response capabilities.

  • U.S. Cyber Command (USCYBERCOM)

    A U.S. armed forces command that plans and executes large-scale cyberspace training exercises, such as Cyber Flag, to prepare military and allied partner forces for real-world cyber operations.

  • RangeForce

    Offers a cloud-based platform for interactive cybersecurity training and readiness, featuring individual skill-building modules and team-based cyber defense exercises that simulate real-world attacks.

RELATED TERMS IN INCIDENT RESPONSE