Skip to content

1.1 Exercises and INJECT

Exercises in General

We define exercises as active learning activities that strengthen preparedness and resilience for incident and crisis response. Exercises develop technical and non-technical skills across operational, tactical, and strategic levels.

For example, this may involve:

  • Simulating a crisis within the context of business operations in an organization, such as a ransomware attack on the company infrastructure or exfiltration of sensitive information with the focus on communication, coordination, and collaboration.
  • Driving discussion focused on the supply chain security on a strategic level.
  • Short guided experience for users preparing them on the situation of a lost phone.

These exercises are usually called tabletop exercises (TTXs) and can serve as an educational measure in information security management systems (ISMS) in the organization. If you are interested more in this topic, please check our systematic literature review Research and Practice of Delivering Tabletop Exercises.

Note

In the context of TTX inject is a pre-scripted message, such as an email, provided to trainees during exercise. Its purpose is to move the scenario forward and prompt additional actions. For example, an inject can inform the trainees about a data breach in their company, requiring them to respond accordingly. [NIST]

Exercises in the Platform

TTXs are traditionally conducted using pen and paper or simple online office applications, such as Google Forms, to collect participant responses. The advantage of this approach is its low cost and low barrier to entry. However, they also have major disadvantages—mainly they do not adapt to the decisions that trainees make, and effective evaluation takes considerable time.

With INJECT, we aim to transition the TTX format from this low-tech approach into the INJECT Exercise Platform (IXP): a novel, lightweight, open-source environment for supporting exercise deployment and evaluation. As a result, INJECT enables you to create interactive, complex, adaptive and measurable training experiences.

Note

For more on this topic, check From Paper to Platform: Evolution of a Novel Learning Environment for Tabletop Exercises. It provides insights and practical experiences from a cybersecurity course where tabletop exercises were introduced using the INJECT platform. When referencing the INJECT exercise platform, please cite this paper.

It is important to acknowledge that digitalization introduces new challenges. Especially, preparing scenarios in the platform can be time-consuming. This is not a problem in some contexts, but if you want to create a swift, lightweight exercise with a tight time schedule or just "something" to check a compliance box, you should consider the traditional approach.

If you really want to have an exercise in INJECT and you want inspiration or need it fast, we have prepared freely available exercise definitions.

Check Available Exercises →

Note

INJECT Exercise Platform is mainly created for the cybersecurity domain. However, the scope of its usage is much broader – basically, it can be used for almost any incident, crisis or difficult situation where it is useful to practice response, communication, collaboration and coordination.

Subjects in the INJECT Process

In organizing exercises, various functions are crucial to ensure success. Depending on the context, these functions may overlap, with some individuals taking on multiple responsibilities.

We distinguish between the subjects of the exercise (organizations, designers, instructors) and the exercise roles intended for the scenario (e.g., CSIRT, lawyer, PR specialist, national authority).

Organizers – These individuals are responsible for all aspects to make the exercise happen. They act as the project managers of the exercise, coordinating designers, instructors, and trainees. We do not distinguish here whether they work in-house or for a client organization as a service.

Exercise Designers – Their main role is to develop the exercise scenario. This includes understanding the exercise context, specifying the entire scenario, and preparing the content for the platform. Designers work mainly with the Editor, exercise library, and documentation, and possibly with the Analysts view.

Subject matter experts – Provides domain insight and validates realism. They cooperate closely with exercise designers.

Exercise Instructors – These individuals execute the exercise via the platform, provide briefings, and conduct the final hot wash. Unless specified otherwise, they also analyze the final data from the exercise and provide insights for exercise designers. Instructors work primarily with the Instructors view during execution and with the Analysts view during the Reflection phase.

Trainees – These are the individuals who take part in the exercise. Their primary objective is to learn and gain experience from the exercise. They use the Trainees view during the whole exercise and, at the end during the hot wash, they are presented with data from the Analysts view.

Parts of the Platform

INJECT provides specialized interface for each subject:

  • Trainees view – The Trainee View is designed for use during the Execution phase of the exercise. It provides trainees with access to the exercise scenario and injects, facilitating their participation and engagement. Through the Trainee View, trainees can navigate the exercise, respond to injects, and collaborate with teammates in a simulated environment.
  • Instructors view – The Instructor View is used by exercise instructors during the Execution phase of the exercise. It allows instructors to manage the entire exercise, from overseeing trainees interactions to facilitating discussions and providing guidance. With features for real-time monitoring and intervention, the Instructor View ensures smooth exercise execution and effective facilitation.
  • Analysts view – The Analyst View serves multiple purposes throughout the INJECT Process. During the Reflection phase, it is utilized for evaluation and data analysis, providing insights into trainees performance and exercise outcomes. Additionally, the Analyst View serves as a source of information during the Understanding phase, offering valuable data and feedback to inform exercise preparation. Its intuitive interface enables thorough evaluation and informed decision-making for future exercises.
  • Editor and exercise library – The Editor is used mainly during the Preparation phases of the INJECT Process. It allows exercise designers create scenarios, and prepare exercise content. With its user-friendly interface, the Editor enables efficient scenario development and content organization.

← Phase 01: Understand 1.2 Exercise Types →