Overview
We Build Human Resilience
Designing crisis management plans and playbooks is a good start to building a business continuity programme. What comes after having written that plan, however, often gets neglected.
Time will tell how people work together when a crisis strikes: you can build and test your tech defences, but do you know how your crisis team members will work together, when the pressure is high?
We Prepare Your Crisis Team
Our mission is to help our clients prepare to better handle business disruptions, like cyber incidents. We do this by running incident simulation exercises with them, analysing their responses and team dynamics under stress, and selecting the most suitable learning programme for them to make improvements.
Resilience Dojo Exercising and Learning Programmes were created by our interdisciplinary team. All our scenarios and learning modules are based on the expertise of our team members, and informed by the latest research in organisational psychology, good practice in risk management and crisis communications.
We have built our immersive exercise scenarios and learning modules for various target audiences, helping you arm your team members with the necessary skills they need to have to manage a crisis effectively.
Exercise Scenarios (see below)
- MoneySafe Ransomware
- MoneySafe DeepFake Crisis
- SafeCom 2FA Fraud
- AWU Supply Chain
- AWU - OT / IT
- Trusted Foods Safety
- City of Londonia Police
Prerequisites
There are no prerequisites.
Learning Outcomes
To get started with the Resilience Dojo Exercising and Learning Programme, all you have to do is to answer a few questions about your team and requirements, so we can recommend you the right scenario for your baseline exercise.
The baseline exercise is typically a facilitated crisis simulation exercise, delivered through the Resilience Dojo Exercising Platform. Our ready-made scenarios were designed by risk management and organisational psychology experts and reflect on different industry threat landscapes: for instance banking, critical national infrastructure, and production environments.
CyberFish facilitators will observe team dynamics and risk management decision paths taken by the team members. These will be summarised in an Executive Summary, that you can use for building up a roadmap for improvements for the crisis management function. The report can also be used for ISO 27001 or 22301 audits as proof of having exercised the competencies of crisis management team members.
The next step will be putting together your tailored self-paced automated learning modules, designed to focus on areas highlighted in the Executive Summary: addressing skills gaps that can make your team more effective when responding to real-life crises.
Outline
CyberFish offer facilitated and self-paced Exercising and Learning modules for the wider crisis management team via our Resilience Dojo Platform.
Making Teams Crisis-Ready – The Exercise Scenario Library
1. Exercise Scenario - MoneySafe Ransomware
This scenario focuses on the experience of MoneySafe Bank, as it is targeted by a developing malicious ransomware cyber-attack. The attack impacts the investment banking branch first before spreading to the retail and corporate parts of the business. Playing the scenario, delegates will be addressing a number of events and will be taken through technical, organisational and professional challenges. Players will take on the role of the Bank’s Incident Response Team.
They will be expected to make key assessments, decisions and recommendations over the course of the incidents as the attack intensifies across the Bank, managing the demands of the panicked clients, the public and media, financial regulators and data protection authorities, investigatory authorities and international information-sharing networks among other challenges.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Medium
Recommended Delegates:
- Crisis Management Teams and Comms Teams
Competencies Exercised:
- IR process (NIST), Data Protection (GDPR), Ransomware Playbooks, Crisis Communications, Debriefing Senior Stakeholders and Media Representatives
2. Exercise Scenario - MoneySafe DeepFake Crisis
This scenario focuses on the experience of MoneySafe Bank, as it becomes victim of a complex disinformation and misinformation attack. The incident involves the deliberate spread across social media of both mis and disinformation efforts to undermine the reputation of the company, damage its reputation and undermine the legitimacy of its CEO. The incident subsequently includes a deepfake video (a synthetically machine generated video), which is released online, the issue immediately becomes more serious and impact to the company more consequential.
Delegates will practice response to combat future mis and disinformation attacks, and how to safeguard the reputation of the business following an incident.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Medium
Recommended Delegates:
- Financial Sector & Government
Competencies Exercised:
- RESIST 2 Counter Disinformation Framework, Data Protection (GDPR), Crisis Communications, Decision Making, Stakeholder Management, Wider Impact of Dis/Misinformation Attacks
3. Exercise Scenario - SafeCom 2FA Fraud
The scenario is set in a fictitious country, Ambrosia, where SafeCom are the main telecommunications provider. Safecom recently became majority-owned by a global telco, headquartered in Denver, Americas. This scenario’s challenges focus on the experience of SafeCom as it is targeted by an advanced cybercrime group: they have managed to get access to a part of the carrier’s network signalling equipment.
The local banks in Ambrosia rely on SMS as a 2FA tool in their security processes... Delegates will take on the role of SafeCom’s Board (minus an absent CEO). The technical challenges are amplified by widely publicised news of cybercrime nearly claiming the life of Amina, a local restaurant owner in Ambrosia, who is claiming that she had been a
victim of banking fraud.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Medium
Recommended Delegates:
- Financial Sector & Telco
Competencies Exercised:
- IR process, Supply Chain (NIST), Leadership, Crisis Comms, Statements, Regulatory Issues, Decision Making, Business & Societal Impact of Cyber Attacks
4. Exercise Scenario - AWU Supply Chain
The exercise takes participants back to Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their ‘greening’ programme. Playing the previous AWU exercise is not prerequisite to understanding this game. This exercise challenges cross-functional business understanding, and recognition of internal team / supply chain challenges from different perspectives. Participating will foster cross functional business understanding between teams and help to developing a shared language for crisis management decision-making and comms between IT and commercial teams.
Delegates will take the role of Board members at AWU and the objective of the exercise will be to arrive at mutually acceptable ways of co-operating and experiencing pressures from different perspectives revolving around a supply chain & contract breach.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Low to Medium
Recommended Delegates:
- Supply Chain Partners and Different Organisational Units to Play Together
Competencies Exercised:
- Cross-Functional Co-Operation, Regulatory Compliance (NIS, DWI, NIST), Crisis Comms, Decision-Making (Strategic and Tactical) & Business Implications
5. Exercise Scenario - AWU - OT / IT
The incident is playing out in a private UK water company, Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their ‘greening’ programme. The management of the US company don’t see water as a major part of the Group’s revenue or value... The water company has an IT estate and an OT estate. There are barriers between these estates, for security and monitoring purposes, but many years of nothing going seriously wrong has allowed some OT-side monitoring computers to have direct connections to management systems in the IT estate...
Delegates will take the role of Board members at AWU and will be making decisions responding to the technical incursion. They will have to take into account the risks to the public, health and reputation of the company, and the public’s expectations, whilst defending the business interests and reputation of their parent company.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Medium to High
Recommended Delegates:
- Critical National Infrastructure
Competencies Exercised:
- Regulatory Compliance (NIS, DWI, NIST), Cyber Security Strategy, Crisis Comms, Press Conference Practice, Decision-Making
6. Exercise Scenario - Trusted Foods Safety
Could eco-warriors manage to get access to the internal OT network of a food producer’s mill operations, and adjust the ingredients going into organic food production? Or is an insider behind the evolving attack at Trusted Foods? An exercise geared towards production environments in the food supply chain and/or FMCG IR teams. Delegates will be taking the role of the Incident Response team at Trusted Foods Ltd., as it's targeted by a global environmental movement, who seems to have gained access to confidential information from the company networks.
Participants will be challenged across different areas, such as customer safety issues, working with regulators and making key decisions as they progress through the different stages of the evolving attack.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Medium
Recommended Delegates:
- Crisis Management Team, Comms Team, Quality Assurance Teams in FMCG Production
Competencies Exercised:
- Cross-Functional Co-Operation, Regulatory Compliance, Crisis Comms, Decision-Making, Customer Relationships Management, Food Supply Chain and Foods Safety
7. Exercise Scenario - City of Londonia Police
This scenario focuses on an APT attack against a nation-state (United Queendom, capital city Londonia). Participants will assume the role of new Head of Security Operations of the National Cyber Security Centre and will be tasked with reacting, responding, and mitigation of a series of escalating cyber and cyber-physical threats. The attack culminates with malicious activity targeting the nation’s central police databases. Several cyber security incidents are covered in the scenario, such as a DDoS attack, VPN vulnerabilities, business email compromise fraud, malware and data theft.
Other challenges and decision points include issues about remote working, supply chain vulnerabilities, Critical National Infrastructure regulatory compliance including a Water Plant, human aspects of cyber security such as a suspected insider threat and social engineering. Participants will be responding to challenges including threat intelligence and threat modelling, law enforcement capabilities, and communications and stakeholder management in a major incident context.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
- Medium
Recommended Delegates:
- Government, Law Enforcement, Critical National Infrastructure
Competencies Exercised:
- CNI Regulatory Compliance, Cyber Crime Investigations, Cross-Border Co-Operation, Leadership, Decision-Making, Stakeholder Communications, Cross-Cultural Communications
QA is proud to be the UK partner for CyberFish Cyberpsychology Solutions.
Cyber Security learning paths
Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.
= Required
= Certification
AppSec
Cloud Security
Cyber Management
Cyber Security Risk
Cyber Tech
DFIR Digital Forensics & Incident Response
Industrial Controls OT
NIST Pathway
Offensive Security
Privacy
Security Auditor
Secure Coding
Cyber Blue Team
Vulnerability Assessment & Penetration Testing
Emerging Tech
Business Continuity & Resilience
Counter Fraud
AppSec
Average salary: £67,250
Fundamentals
Fundamentals
Intermediate
Intermediate
Cloud Security
Average salary: £80,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Certified Lead Cloud Security Manager
QACLCSM
4 Days
£2,450 ex VAT
View course
Certificate in Cloud Security Knowledge(CCSK+)
CCSKPLUS
3 Days
£2,070 ex VAT
View course
Hacking and Securing Cloud Infrastructure
QACLOUDHA
4 Days
£2,280 ex VAT
View course
Application Security in the Cloud
QASCACLS
3 Days
£2,775 ex VAT
View course
Cyber Management
Average salary: £80,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Cyber Security Risk
Average salary: £57,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Cyber Tech
Average salary: £72,000
Fundamentals
Fundamentals
Intermediate
Intermediate
DFIR Digital Forensics & Incident Response
Average salary: £74,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Industrial Controls OT
Average salary: £55,000
Fundamentals
Fundamentals
Intermediate
Intermediate
NIST Pathway
Average salary: £68,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Offensive Security
Average salary: £75,500
Intermediate
Intermediate
Privacy
Average salary: £55,000
Fundamentals
Fundamentals
Certified Information Privacy Professional
QACIPP
2 Days
£2,965 ex VAT
View course
Certified Data Protection Foundation (GDPR)
QACDPF
2 Days
£1,465 ex VAT
View course
Certified Information Privacy Professional Online
CIPPE-ONLINE
£1,150 ex VAT
View course
Foundations of Privacy and Data Protection
QAPRIVFOU
1 Day
£565 ex VAT
View course
Security Auditor
Average salary: £65,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Secure Coding
Average salary: £67,250
Fundamentals
Fundamentals
Intermediate
Intermediate
Expert
Expert
Cyber Blue Team
Average salary: £42,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Security Operations and Defensive Analysis (SOC-200)
QAOSDA
£1,800 ex VAT
View course
Defending Enterprises for Threat Hunters
QAINSECDEB
2 Days
£1,700 ex VAT
View course
Certified Blue Team Level 2
QACBTL2OL
£1,999 ex VAT
View course
Certified Cyber Defence Operator
QACCDOOL
£2,564 ex VAT
View course
Vulnerability Assessment & Penetration Testing
Average salary: £65,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Emerging Tech
Average salary: £48,000
Fundamentals
Fundamentals
Intermediate
Intermediate
Expert
Expert
Business Continuity & Resilience
Average salary: £52,500
Fundamentals
Fundamentals
Counter Fraud
Average salary: £62,500
Fundamentals
Fundamentals
Intermediate
Intermediate
Expert
Expert
Frequently asked questions
See all of our FAQsHow can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.