Overview

We Build Human Resilience

Designing crisis management plans and playbooks is a good start to building a business continuity programme. What comes after having written that plan, however, often gets neglected.

Time will tell how people work together when a crisis strikes: you can build and test your tech defences, but do you know how your crisis team members will work together, when the pressure is high?

We Prepare Your Crisis Team

Our mission is to help our clients prepare to better handle business disruptions, like cyber incidents. We do this by running incident simulation exercises with them, analysing their responses and team dynamics under stress, and selecting the most suitable learning programme for them to make improvements.

Resilience Dojo Exercising and Learning Programmes were created by our interdisciplinary team. All our scenarios and learning modules are based on the expertise of our team members, and informed by the latest research in organisational psychology, good practice in risk management and crisis communications.

We have built our immersive exercise scenarios and learning modules for various target audiences, helping you arm your team members with the necessary skills they need to have to manage a crisis effectively.

Exercise Scenarios (see below)

  • MoneySafe Ransomware

  • MoneySafe DeepFake Crisis

  • SafeCom 2FA Fraud

  • AWU Supply Chain

  • AWU - OT / IT

  • Trusted Foods Safety

  • City of Londonia Police

Cyberfish logo

Read more

Prerequisites

There are no prerequisites.

Read more

Learning Outcomes

To get started with the Resilience Dojo Exercising and Learning Programme, all you have to do is to answer a few questions about your team and requirements, so we can recommend you the right scenario for your baseline exercise.

The baseline exercise is typically a facilitated crisis simulation exercise, delivered through the Resilience Dojo Exercising Platform. Our ready-made scenarios were designed by risk management and organisational psychology experts and reflect on different industry threat landscapes: for instance banking, critical national infrastructure, and production environments.

CyberFish facilitators will observe team dynamics and risk management decision paths taken by the team members. These will be summarised in an Executive Summary, that you can use for building up a roadmap for improvements for the crisis management function. The report can also be used for ISO 27001 or 22301 audits as proof of having exercised the competencies of crisis management team members.

The next step will be putting together your tailored self-paced automated learning modules, designed to focus on areas highlighted in the Executive Summary: addressing skills gaps that can make your team more effective when responding to real-life crises.

Read more

Outline

CyberFish offer facilitated and self-paced Exercising and Learning modules for the wider crisis management team via our Resilience Dojo Platform.

Making Teams Crisis-Ready – The Exercise Scenario Library

1. Exercise Scenario - MoneySafe Ransomware

This scenario focuses on the experience of MoneySafe Bank, as it is targeted by a developing malicious ransomware cyber-attack. The attack impacts the investment banking branch first before spreading to the retail and corporate parts of the business. Playing the scenario, delegates will be addressing a number of events and will be taken through technical, organisational and professional challenges. Players will take on the role of the Bank’s Incident Response Team.

They will be expected to make key assessments, decisions and recommendations over the course of the incidents as the attack intensifies across the Bank, managing the demands of the panicked clients, the public and media, financial regulators and data protection authorities, investigatory authorities and international information-sharing networks among other challenges.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Medium

Recommended Delegates:

  • Crisis Management Teams and Comms Teams

Competencies Exercised:

  • IR process (NIST), Data Protection (GDPR), Ransomware Playbooks, Crisis Communications, Debriefing Senior Stakeholders and Media Representatives

2. Exercise Scenario - MoneySafe DeepFake Crisis

This scenario focuses on the experience of MoneySafe Bank, as it becomes victim of a complex disinformation and misinformation attack. The incident involves the deliberate spread across social media of both mis and disinformation efforts to undermine the reputation of the company, damage its reputation and undermine the legitimacy of its CEO. The incident subsequently includes a deepfake video (a synthetically machine generated video), which is released online, the issue immediately becomes more serious and impact to the company more consequential.

Delegates will practice response to combat future mis and disinformation attacks, and how to safeguard the reputation of the business following an incident.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Medium

Recommended Delegates:

  • Financial Sector & Government

Competencies Exercised:

  • RESIST 2 Counter Disinformation Framework, Data Protection (GDPR), Crisis Communications, Decision Making, Stakeholder Management, Wider Impact of Dis/Misinformation Attacks

3. Exercise Scenario - SafeCom 2FA Fraud

The scenario is set in a fictitious country, Ambrosia, where SafeCom are the main telecommunications provider. Safecom recently became majority-owned by a global telco, headquartered in Denver, Americas. This scenario’s challenges focus on the experience of SafeCom as it is targeted by an advanced cybercrime group: they have managed to get access to a part of the carrier’s network signalling equipment.

The local banks in Ambrosia rely on SMS as a 2FA tool in their security processes... Delegates will take on the role of SafeCom’s Board (minus an absent CEO). The technical challenges are amplified by widely publicised news of cybercrime nearly claiming the life of Amina, a local restaurant owner in Ambrosia, who is claiming that she had been a victim of banking fraud.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Medium

Recommended Delegates:

  • Financial Sector & Telco

Competencies Exercised:

  • IR process, Supply Chain (NIST), Leadership, Crisis Comms, Statements, Regulatory Issues, Decision Making, Business & Societal Impact of Cyber Attacks

4. Exercise Scenario - AWU Supply Chain

The exercise takes participants back to Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their ‘greening’ programme. Playing the previous AWU exercise is not prerequisite to understanding this game. This exercise challenges cross-functional business understanding, and recognition of internal team / supply chain challenges from different perspectives. Participating will foster cross functional business understanding between teams and help to developing a shared language for crisis management decision-making and comms between IT and commercial teams.

Delegates will take the role of Board members at AWU and the objective of the exercise will be to arrive at mutually acceptable ways of co-operating and experiencing pressures from different perspectives revolving around a supply chain & contract breach.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Low to Medium

Recommended Delegates:

  • Supply Chain Partners and Different Organisational Units to Play Together

Competencies Exercised:

  • Cross-Functional Co-Operation, Regulatory Compliance (NIS, DWI, NIST), Crisis Comms, Decision-Making (Strategic and Tactical) & Business Implications

5. Exercise Scenario - AWU - OT / IT

The incident is playing out in a private UK water company, Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their ‘greening’ programme. The management of the US company don’t see water as a major part of the Group’s revenue or value... The water company has an IT estate and an OT estate. There are barriers between these estates, for security and monitoring purposes, but many years of nothing going seriously wrong has allowed some OT-side monitoring computers to have direct connections to management systems in the IT estate...

Delegates will take the role of Board members at AWU and will be making decisions responding to the technical incursion. They will have to take into account the risks to the public, health and reputation of the company, and the public’s expectations, whilst defending the business interests and reputation of their parent company.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Medium to High

Recommended Delegates:

  • Critical National Infrastructure

Competencies Exercised:

  • Regulatory Compliance (NIS, DWI, NIST), Cyber Security Strategy, Crisis Comms, Press Conference Practice, Decision-Making

6. Exercise Scenario - Trusted Foods Safety

Could eco-warriors manage to get access to the internal OT network of a food producer’s mill operations, and adjust the ingredients going into organic food production? Or is an insider behind the evolving attack at Trusted Foods? An exercise geared towards production environments in the food supply chain and/or FMCG IR teams. Delegates will be taking the role of the Incident Response team at Trusted Foods Ltd., as it's targeted by a global environmental movement, who seems to have gained access to confidential information from the company networks.

Participants will be challenged across different areas, such as customer safety issues, working with regulators and making key decisions as they progress through the different stages of the evolving attack.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Medium

Recommended Delegates:

  • Crisis Management Team, Comms Team, Quality Assurance Teams in FMCG Production

Competencies Exercised:

  • Cross-Functional Co-Operation, Regulatory Compliance, Crisis Comms, Decision-Making, Customer Relationships Management, Food Supply Chain and Foods Safety

7. Exercise Scenario - City of Londonia Police

This scenario focuses on an APT attack against a nation-state (United Queendom, capital city Londonia). Participants will assume the role of new Head of Security Operations of the National Cyber Security Centre and will be tasked with reacting, responding, and mitigation of a series of escalating cyber and cyber-physical threats. The attack culminates with malicious activity targeting the nation’s central police databases. Several cyber security incidents are covered in the scenario, such as a DDoS attack, VPN vulnerabilities, business email compromise fraud, malware and data theft.

Other challenges and decision points include issues about remote working, supply chain vulnerabilities, Critical National Infrastructure regulatory compliance including a Water Plant, human aspects of cyber security such as a suspected insider threat and social engineering. Participants will be responding to challenges including threat intelligence and threat modelling, law enforcement capabilities, and communications and stakeholder management in a major incident context.

Play time:

  • Full Exercise: 4 hours (Facilitated)

  • Basic Challenges: 90 mins (Automated)

Technical Maturity:

  • Medium

Recommended Delegates:

  • Government, Law Enforcement, Critical National Infrastructure

Competencies Exercised:

  • CNI Regulatory Compliance, Cyber Crime Investigations, Cross-Border Co-Operation, Leadership, Decision-Making, Stakeholder Communications, Cross-Cultural Communications

Read more

QA is proud to be the UK partner for CyberFish Cyberpsychology Solutions.

Learners will receive the Cyber Exercising Responder digital badge, post event after taking part in a CyberFish DoJo simulation exercise.

Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

Required Star = Required
Certification = Certification
Application Security
Cloud Security
Information Security Management
Security Risk
Cyber Tech Generalist
DFIR Digital Forensics & Incident Response
Industrial Controls & OT Security
NIST Pathway
OffSec
Privacy Professional
Security Auditor
Secure Coding
Cyber Blue Team
Vulnerability Assessment & Penetration Testing
Emerging Tech Security
Reverse Engineer
Security Architect

Cyber Defensive Operations learning paths

Want to boost your career in Cyber Defensive Operations? View QA's learning pathways below, specially designed to give you the skills to succeed.

Required Star = Required
Certification = Certification
Cyber Blue Team
DFIR Digital Forensics & Incident Response
Cyber Tech Generalist

Frequently asked questions

See all of our FAQs

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

Learn more about our Virtual Classrooms.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

Learn more about QA’s online courses.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Contact Us

Please contact us for more information