Developing a Cyber Incident Exercises Model to Educate Security Teams

Abstract

Since cyber attacks are increasing and evolving rapidly, the need to enhance cyber-security defense is crucial. A cyber incident exercise model is a learning technique to provide knowledge about cyber security to enhance a security team’s incident response. In this research work, we proposed a cyber incident model to handle real-time security attacks in various scenarios. The proposed model consisted of three teams: (1) the black team, (2) the red team, and (3) the blue team. The black team was a group of instructors responsible for setting up the environment. They had to educate the red and blue teams about cyber security and train them on facing cyber attacks. Once the training period was completed, the members were divided into two teams to conduct a cyber-security competition in a cyber game scenario. Each of the two teams performed a different task. The red team was the offensive team that was responsible for launching cyber-security attacks. The blue team was the defensive team that was responsible for countering attacks and minimizing the damage caused by attackers; they had to conduct both cyber-security configuration and incident handling. During the scenario, the black team was responsible for guiding and monitoring both the red and the blue teams, ensuring the rules were applied throughout the competition. At the end of the competition, the members of each team changed with each other to make sure every team member was using the knowledge they gained from the training period and every participant was evaluated impartially. Finally, we showed the security team’s offensive and defensive skills via the red team and the blue team, respectively.