Loading

Don’t Wanna Cry: A Cyber Crisis Table Top Exercise for Assessing the Preparedness against Eminent Threats
Ashutosh Bahuguna1, Raj Kishore Bisht2, Jeetendra Pande3

1Ashutosh Bahuguna*, Research Scholar Uttarakhand Technical University, Dehradun & Scientist- Indian Computer Emergency Response Team.
2Raj Kishore Bisht, School of Computing, Graphic Era Hill University, Dehradun, India.
3Jeetendra Pande, School of Computer Science & IT, Uttarakhand Open University, Haldwani, India.
Manuscript received on September 21, 2019. | Revised Manuscript received on October 05, 2019. | Manuscript published on October 30, 2019. | PP: 3705-3710 | Volume-9 Issue-1, October 2019 | Retrieval Number: A9893109119/2019©BEIESP | DOI: 10.35940/ijeat.A9893.109119
Open Access | Ethics and Policies | Cite | Mendeley
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: Cyber Security Exercises are emerged as useful tool for assessing and improving preparedness of the organizations and nations against cyber threats. Cyber security exercises of different types & duration with various objectives are conducted across the globe. These exercises vary from quiz type exercises to full simulated attack based exercises. One such type of exercise is Table Top Exercise (TTX). TTX are discussion based exercises involving decision makers of the participating entities to meet and discuss the response during the hypothetical emergency situations. These exercises primarily focused on to clarify roles and responsibilities, assessment of effectiveness of plans and further improvements in cyber security. In this paper we presented Objective, Design and Execution of Cyber Crisis Table Top eXercise (CCTTx) named “Don’t Wanna Cry” conducted for Indian entities. 5 CCTTx involving decision makers from 65 organizations with the objective to encourage self-realization of true cyber security posture of their own entity were conducted in 2017.Exercises were divided into three segments starting with (i) Self-assessment in which participating organization self-assess their cyber security posture in pre-defined 6 domains, followed by (ii) Exercise Play in which participating entity act as a hypothetical entity and respond to the presented cyber crisis situation and finally (iii) Hotwash session was executed with purpose of inducing self-realization of their true cyber security posture. Exercise take away for participants was self-realization and identification of improvement plan to enhance cyber security posture of their entities against the cyber attacks. These exercises are unique in design, execution and their objective of self-realization by the participating entities. Success of these exercises is evident from the feedback and adoption of exercises for domestic purpose by participating organizations.
Keywords: Cyber Security Exercises, Cyber Security Training, Cyber Security Assessment, National Cyber Security, Cyber Security Self-assessment, Table Top Exercises, Cyber Security Preparedness, Cyber Security Drills.