Sten Mäses, Kaie Maennel, Mascia Toussaint, Veronica Rosa

Published in 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)


Keywords: organising cybersecurity exercises, evaluation, quality indicators, cybersecurity incident response

Open Access



Exercises are a resource-intensive way of providing participants with learning, capability testing, and validation of plans and procedures. As exercises are commonly used in the field of cybersecurity, their effective and optimal organisation is important. This article aims to identify key exercise organisation assessment indicators, regardless of exercise type or goal, using the example of cyber incident response exercises. Based on practical experience and literature on crisis management, incident response, and cybersecurity exercises, a 10-step exercise organisation process is identified. For each step, criticalities for the designers and other stakeholders of cyber incident response exercises are identified. These criticalities are also translated into a checklist of actionable indicators aimed at supporting them in measuring the quality of the exercise and implementing an exercise organisation learning loop.