// THREAT DETECTION AND DATA PRIVACY TERM
Exercise
A cybersecurity exercise is a simulated security incident, like a fire drill for cyber attacks, that tests an organization's response plan and team readiness. It's a practice session designed to find and fix weaknesses before a real attack happens.

TECHNICAL DEFINITION
A cybersecurity exercise is a structured simulation of a cyber attack scenario, such as a ransomware event or data breach, designed to test and validate an organization's Incident Response (IR) plan, security controls, and the capabilities of its CSIRT/SOC teams. These drills, which include tabletop exercises (TTX), functional tests, and full-scale simulations, assess procedural, technical, and communication readiness to enhance overall cyber resilience.
BACKGROUND
In computer security, Capture the Flag (CTF) is an exercise in which participants attempt to find text strings, called "flags", which are secretly hidden in purposefully vulnerable programs or websites. They can be used for both competitive or educational purposes. In two main variations of CTFs, participants either steal flags from other participants or from organizers. A mixed competition combines these two styles. Competitions can include hiding flags in hardware devices, they can be both online or in-person, and can be advanced or entry-level. The game is inspired by the traditional outdoor sport with the same name. CTFs are used as a tool for developing and refining cybersecurity skills, making them popular in both professional and academic settings.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- cyber drill
- wargame
- simulation
- tabletop exercise (TTX)
- red team exercise
- security drill
- incident response test
USAGE NOTE
The term's scope varies, from a simple discussion-based tabletop exercise (TTX) to a full-scale, live-action simulation involving opposing red and blue teams.
DEVELOPERS
Organizations developing technology related to Exercise.
Develops a high-fidelity cyber range platform that allows organizations to conduct realistic cybersecurity training, exercises, and security stack testing in a simulated but safe environment.
Offers security validation technologies and services, including red team exercises, tabletop exercises, and adversary emulation to test an organization's security controls and incident response capabilities.
Provides a platform for hands-on cybersecurity training that includes realistic simulations, crisis scenarios, and team-based exercises to build and measure the cyber skills of an organization's workforce.
A leading provider of Breach and Attack Simulation (BAS) technology. Their platform automates security testing, allowing organizations to continuously run simulated attacks and exercises to validate their security posture.
A not-for-profit organization that develops the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics used to plan and execute cyber exercises. They also develop Caldera, an open-source automated adversary emulation platform.
Provides adversary emulation and red teaming services that simulate the tactics, techniques, and procedures (TTPs) of real-world threat actors to rigorously test an organization's detection and response capabilities.
A U.S. armed forces command that plans and executes large-scale cyberspace training exercises, such as Cyber Flag, to prepare military and allied partner forces for real-world cyber operations.
Offers a cloud-based platform for interactive cybersecurity training and readiness, featuring individual skill-building modules and team-based cyber defense exercises that simulate real-world attacks.