Exercise in a Box

It can be difficult for organisations to know where to begin. Cyber security is a large and complex landscape. There’s been an evolution of hackers in the past few years. They’re not just criminals anymore – they’re ruthless businesspeople.

That’s why we always advise organisations to make use of the many free tools that are available. We want businesses to be able to help themselves first.

To that end, Vertical Structure has launched a new workshop in which we help organisations walk through the government’s Exercise in a Box.

Exercise in a Box is a completely free set of online tools produced by the NCSC (National Cyber Security Centre) that “helps organisations find out how resilient they are to cyber attacks, and enables them to practice responses in a safe environment”.

In our experience, we’ve found that many businesses need a bit of help and direction to make the most of the vast number of Exercises that are available. Our customers benefit from the advice that we can deliver around the tool.

Here's an example:

Our 'Business continuity/disaster recovery' workshop is a good starting point for many companies.

What makes it successful:

  • The tool involves both conversational prompts and technical questions, so it works most effectively when key IT staff are in the room
  • For both small and large organisations, 95 per cent of cyber problems stem from users clicking on links
  • The exercise is designed to be rooted in reality – it demonstrates to organisations what it will be like if they get compromised by cyber attackers

Topics this Exercise covers:

  • Identifying fake / phishing emails – how employees recognise that a message is risky
  • What do employees do with such emails? Is there a formal process? Do employees feel comfortable raising alerts?
  • Access to network, e.g., who can install new apps?
  • Virus protection software – when and how updates are handled
  • Legacy systems such as CRM, accounting and operations systems – and how and when they are updated with security patches
  • Data backups – how, when, and who monitors them
  • Agreeing software expenditures with the board and ensuring board members understand the critical nature of cyber protection
  • Striking a balance between risk and reasonable expenditure – because no SME can spend their whole IT budget on cyber protection

Other Exercises and workshops:

The above example is just one of the available Exercise in a Box workshops that we offer. Many of the other Exercises are more practical and technical in nature. One such example is below.

Please get in touch to find out about our other workshops.

Technical Scenario

There is a compromised machine communicating on your network. Your goal is to locate the compromised machine and stop the communication.

Extra challenges

  1. View the network traffic and provide your facilitator with the hidden three-word code
  2. Access the compromised machine remotely and provide your facilitator with the second three-word secret

The time each challenge was completed should be recorded by the facilitator in the tool.

The exercise is finished either when the team has stopped the Simulator or the facilitator has chosen to end the exercise. The facilitator should ensure the relevant time inputs have been correctly entered in the tool before gathering the participants for the exercise wrap-up session. The Simulation exercise summary phase will guide the team through questions to understand the successes and lessons learned during the exercise.

Vertical Structure’s team of experts will guide you through this entire scenario and explain all output data.
