Cybersecurity Exercises Whitepaper

Conducting Cybersecurity Exercises According to International Standard ISO 22398

Exercises and simulation activities have been around for decades, if not centuries. Simulation of real-life scenarios helps a team in better preparing for actual incidents. Irrespective of whether cybersecurity incidents occur or not, conducting relevant cybersecurity exercises helps organizations in achieving maturity in their overall strategy. Further, regular exercises are useful in validating policies, operational procedures, and action plans. Another benefit of exercises can be the identification of tools, techniques, and equipment needed to defend against cyber-attacks.

LIFARS experts, in their experience of working with agencies such as US Secret Service, FBI, Interpol, and Europol, have been part of many high-profile cybersecurity exercises. LIFARS members were part of a team that won the Locked Shields exercise organized by NATO CCD COE in 2016. Furthermore, they have been members of the planning team of ENISA’s Cyber Europe and NATO’s Cyber Coalition exercises.

LIFARS specialists have observed a steady increment in the number of exercises being conducted by federal and trans-national agencies. Often, organizations look for standard or industry-accepted practices to launch new security initiatives. For conducting cybersecurity exercises, ISO 22398 is one such standard that is heavily relied on.

LIFARS Tabletop Exercises are individually tailored to meet the specific data protection needs of each client. Our experts identify and interview essential personnel to understand your company’s distinct capabilities and existing contingency plans, then use this information to formulate a custom data-breach scenario based on our real-world experience.


What is ISO 22398?

ISO 22398:2013 is an international standard that recommends good practices and lays down specific guidelines for organizations to plan, conduct and improve their projects that are organized within an exercise framework. Any organization, irrespective of its type or size, can adopt this standard based on its resources, objectives, needs, and constraints.
International Organization for Standardization published the latest version of ISO 22398 in 2013.


Download Cybersecurity Exercises Whitepaper to learn more.


Relevant resources: