From b93f7630e6ca32f87cd2de8aad2f7714f23d1fde Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 12 Nov 2022 10:28:22 +0100 Subject: [PATCH] chg: [blog] add old notes about cyber exercises --- ...017-11-30-Cybersecurity-Exercises-and-Reality.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md b/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md index 9e82ea1..11645dc 100755 --- a/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md +++ b/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md @@ -22,6 +22,13 @@ in many of those (including designing or/and playing), I compiled my thoughts an in such approach. The idea behind this series of notes is to improve such exercise or experiment other approaches. # Synthetic information/evidences + +While participating to some exercises, a lot of the evidences used are synthetic and rarely reflect realities from operational +security. This gives a perception to the players that the evidences are like this in real cases. But it's usually not the case, the +collection of the evidences (and its complexity) is often discarded from such game. Any digital forensic investigator knows how +complex is to gather, collect and acquire evidences. So it's not by playing or participating to such exercise that would help you +or your organisation to grasp the complexity and improve your team capabilities. + - Synthetic information or evidences - The aim is often limited to solve one or more challenges @@ -37,5 +44,11 @@ multi-compromised infrastructures. - Resources and allocation - Outcomes and how results are integrated in operational security +# Ideas and improvements to make "exercises" useful + +|Proposal|Description| +|:----|:-----| +|Take real cases, evidences and investigations|Avoid at all cost synthetic or fake data when creating exercises. If you take real data, don't mix-up with synthetic data.| + # References
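Review bot: In the first hunk (@@ -22,6 +22,13 @@), the closing sentence of the added paragraph, "So it's not by playing or participating to such exercise that would help you or your organisation to grasp the complexity", does not parse and hides the main claim of the section. Consider rewording it along the lines of "Playing or participating in such an exercise will therefore not help you or your organisation grasp that complexity or improve your team's capabilities", and fix "participating to" and "how complex is to gather" in the same pass. The paragraph also lands directly above the unchanged bullet "- Synthetic information or evidences", which now restates both the heading and the new text; that bullet could be dropped or turned into a sub-point.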
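Review bot: In the second hunk (@@ -37,5 +44,11 @@), the table row "Take real cases, evidences and investigations" recommends real data but does not say how evidence from real investigations should be prepared before it is reused in an exercise (for example, whether it is anonymised or needs the agreement of the affected party). A sentence in the Description cell or a second row would make the proposal actionable. Minor wording in the same cell: "don't mix-up with synthetic data" reads better as "don't mix it with synthetic data". With only one proposal so far, a plain list item may also render more cleanly than a two-column table until more rows are added.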