Complete Package Overview:

​

1. Master Exercise Plan

• Detailed 3-hour exercise structure with phases, timing, and logistics

• Pre-exercise planning requirements and participant roles

• Evaluation criteria and success metrics

• Budget considerations and post-exercise deliverables

2. PowerPoint Presentation

• Interactive HTML presentation with professional design

• Exercise objectives, structure, and ground rules

• Scenario overview and evaluation criteria

• Navigation controls and slide counter

• Ready to present to executive team

3. Three Progressive Inject Scenarios​

​

Inject #1 (8:45 AM): Initial Detection            (Example)

• Ransomware discovery with 47 affected workstations

• Database compromise and backup failures

• Immediate containment decisions required

Inject #2 (10:15 AM): Escalation & Threats    (Example)

• $2.3M ransom demand with 48-hour deadline

• 847K customer records exfiltrated

• Media attention and regulatory pressure mounting

Inject #3 (2:30 PM): Recovery Complications  (Example)

• Backup system failures discovered

• Vendor/partner impacts cascading

• Three recovery options requiring strategic decisions

 

Key Features:

✅ Realistic Scenarios - Based on actual ransomware attack patterns
✅ Executive Focus - Strategic decisions, not technical details
✅ Time Pressure - Escalating urgency throughout exercise
✅ Multi-faceted Challenges - Technical, legal, financial, and reputational
✅ Measurable Outcomes - Clear evaluation criteria and action items

 

The exercise is designed to challenge senior leadership on:

• Crisis decision-making under pressure

• Cross-functional coordination during emergencies

• Communication strategy for multiple stakeholders

• Business continuity vs. investigation priorities

• Legal and regulatory compliance requirements

• Find out what security controls or process are broken beforehand

 

​