Cyber Crisis Management Exercise

Anticipate cyberattacks with crisis management exercises tailored to your organization. Inspired by ANSSI recommendations, our realistic scenarios strengthen your teams’ preparedness without disrupting your activities. Test your capabilities and adopt best practices for dealing with cyber threats.

Presentation of the exercise

Faced with the proliferation of cyber threats, organizations must prepare for cyber crises. These result from attacks on information systems, causing major disruptions that are sometimes irreversible.

To address this issue, ANSSI and CCA have developed the guide “Organizing a cyber crisis management exercise,” intended for all organizations. It facilitates the implementation of realistic exercises to train teams in best practices, both internally and externally.

Phishia offers exercises based on this work, tailored to your business and the level of your teams, without impacting your operations. They strengthen preparedness, communication, and coordination in the face of cyberattacks.

The organization of the exercise

EXERCISE DESIGN

Development of a framework defining the objectives, format, theme, scope, available resources, date, and stakeholders (experts, facilitators, observers, players). This step aims to produce a solid set of specifications.

EXERCISE PREPARATION

Development of a credible scenario, drafting of a timeline with an appropriate level of realism and intensity, and briefing of participants. This phase aims to ensure that the teams involved are adequately prepared.

EXERCISE IMPLEMENTATION

Follow the timeline established during the preparation phase, while remaining adaptable to the players' reactions. The objective is to ensure the smooth running of the exercise while taking into account any necessary adjustments.

ANALYSIS OF THE LESSONS LEARNED FROM THE EXERCISE

Hold both a "hot" debriefing (immediately after the exercise) and a "cold" debriefing (later, with hindsight) to draw lessons from the exercise. This includes writing a report and planning a debriefing session to identify areas for improvement.

IMPLEMENTATION OF IMPROVEMENT MEASURES

After analyzing the lessons learned from the exercise, the implementation phase of improvement measures is crucial to strengthening the resilience and effectiveness of the company.

Observed skills

The team assembled during the exercise will be observed on the following points:

1. Responsiveness
  • Detection: Assessment of how quickly the team detects the incident or threat.
  • Alert: Assessment of how quickly the team issues an internal alert.

2. Technical Skills
  • Analysis: Ability to quickly analyze the nature and scope of the threat.
  • Classification: Accurate identification of the type of incident (malware, DDoS attack, data compromise, etc.).

3. Internal Communication

Assessment of the clarity and speed of communication within the team.

4. External Communication

Assessment of the management of communications with external stakeholders (customers, partners, authorities, media).

5. Collaboration within the unit
  • Coordination between unit members
  • Leadership

6. Business continuity
  • Business continuity plan (BCP): Assessment of its quality, including the definition of roles and responsibilities.
  • Implementation of the BCP: Effectiveness of measures ensuring the minimum functioning of critical activities.

The aim of the exercise is not to trap participants in any way, but to help them understand a cyber crisis and to support them through it. It is advisable to involve high-level profiles, as well as a cyber decision-maker or someone in charge of information security, and more generally all the people who would be mobilized if the event simulated during the exercise were to occur in reality. It is recommended that half a day to a full day be set aside for the exercise.

One type of exercise for each area

In France, cyber management exercises are supported by organizations such as ANSSI (the National Cybersecurity Agency) and ANS (the Digital Health Agency). These exercises are designed to meet the specific needs of each sector.

Whether you work in healthcare, local government, or business, there is an exercise tailored to your field. These exercises are designed to help identify vulnerabilities, strengthen defenses, and improve resilience to cyber threats.

In healthcare, exercises may focus on protecting sensitive data and ensuring continuity of care in the event of a cyberattack. For local authorities, exercises may focus on protecting critical infrastructure and responding to incidents. In the business sector, exercises may cover a range of scenarios, from protecting trade secrets to managing security incidents.

In short, whatever your field of activity, ANSSI and ANS have developed cyber management exercises to help you strengthen your security posture. These exercises are a valuable tool for preparing for and responding effectively to cyber threats.

  • Healthcare: ANS
  • Business: ANSSI
  • Local government: ANSSI

Pre- and post-exercise workshops

As part of this process, we will be able to design tailor-made workshops to provide you with optimal support both before and after the exercise. We are committed to strengthening your skills and guiding you toward continuous improvement in your cybersecurity practices through a series of workshops.

Each workshop lasts approximately half a day.

Form a team

  • Identify key members of the crisis management team, including IT security experts, communications representatives, human resources managers, and other relevant stakeholders.
  • Ensure that each team member understands their role and responsibilities during the crisis.
  • Establish an effective internal communication system to ensure rapid and accurate coordination.

Assess the risk

  • Identify the nature and origin of the cyberattack.
  • Assess the IT assets affected and the data compromised.
  • Determine the potential consequences for business operations, data confidentiality, and the organization’s reputation.

Determine the extent

  • Analyze the scope of the breach by identifying all affected parties, both internal and external.
  • Assess how quickly the threat is spreading and its potential to cause further damage.

Plan the response

  • Implement immediate measures to mitigate the impact and stop the cyberattack from spreading.
  • Communicate with internal and external stakeholders to inform them of the situation and the response underway.
  • Prepare communication plans to inform external stakeholders, including customers, partners, and regulatory authorities.

Consolidate the plan

  • Develop a detailed crisis management plan, including specific steps to be taken, the responsibilities of each team member, and the necessary resources.
  • Identify long-term preventive measures to avoid similar attacks in the future.
  • Implement additional security measures to strengthen the protection of IT systems.

Review and update

  • Conduct a post-crisis analysis to assess the effectiveness of the response and identify areas for improvement.
  • Update the crisis management plan, taking into account lessons learned.
  • Organize regular training sessions to keep the crisis management team informed of new threats and best practices in cybersecurity.
