chg: [blog] add old notes about cyber exercises

This commit is contained in:
Alexandre Dulaunoy 2022-11-12 10:28:22 +01:00
parent 597adea1ce
commit b93f7630e6
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD

View file

@ -22,6 +22,13 @@ in many of those (including designing or/and playing), I compiled my thoughts an
in such approach. The idea behind this series of notes is to improve such exercise or experiment other approaches. in such approach. The idea behind this series of notes is to improve such exercise or experiment other approaches.
# Synthetic information/evidences # Synthetic information/evidences
While participating to some exercises, a lot of the evidences used are synthetic and rarely reflect realities from operational
security. This gives a perception to the players that the evidences are like this in real cases. But it's usually not the case, the
collection of the evidences (and its complexity) is often discarded from such game. Any digital forensic investigator knows how
complex is to gather, collect and acquire evidences. So it's not by playing or participating to such exercise that would help you
or your organisation to grasp the complexity and improve your team capabilities.
- Synthetic information or evidences - Synthetic information or evidences
- The aim is often limited to solve one or more challenges - The aim is often limited to solve one or more challenges
@ -37,5 +44,11 @@ multi-compromised infrastructures.
- Resources and allocation - Resources and allocation
- Outcomes and how results are integrated in operational security - Outcomes and how results are integrated in operational security
# Ideas and improvements to make "exercises" useful
|Proposal|Description|
|:----|:-----|
|Take real cases, evidences and investigations|Avoid at all cost synthetic or fake data when creating exercises. If you take real data, don't mix-up with synthetic data.|
# References # References