Exercise Design and Implementation Exercise Protocol Outline

There is no wrong answer. Exercise Question / Exercise Objective (Purpose) (2 – 3 paragraphs)Explain in detail the purpose of your exercise (i.e. Evaluate the effectiveness of a security measure? Identify vulnerabilities in a specific type of security? Test security policies and procedures? Provide a training exercise for security practitioners? Something else?). Then provide a description on how your exercise will achieve the objective / fulfill the purpose.Exercise Parameters / Scope (.5 – 1 page)This section should include information on the following components:1.    What is the timeline of your exercise?a.    Real-timeb.    Simulated time2.    Who are the players?a.    Adversaryb.    Defense / “Good Guys or Gals”c.    How many participantsd.    Exercise Scenario (1 – 2 pages)Remember, Think of this section like writing a story or book. You are providing the plot or backstory to your exercise. Be sure to include any injects that are part of your scenario as a separate paragraph at the end of your scenario.Adversary / Actor “Profile” (1 – 1.5 pages)Remember, think of this like giving the background to the main character of your story that you wrote for your scenario. Think back to your participation in the Red Teaming exercise earlier this semester for a good example of this.Format of Your Exercise (1 Page)This section should include all of the information regarding the format and delivery method of your exercise. Some sections you need to include are:1.    Online or In-Person Exercise? a.    Why?2.    How will you deliver your exercise? (If needed, see examples in the Module 2: Lesson 2 slidesImplementation Plan (1 -2 pages / will vary based on exercise)In this section you will outline the step-by-step instructions on how to facilitate (run) your exercise. This should include any necessary materials or technology as well. (If needed, see examples in the Module 2: Lesson 2 slides to help get you started). Data Collection Plan (.5 – 1 page)This section is tied directly to the Format and Implementation of your exercise. Based on how you plan to deliver your exercise, you will need to consider how you will collect all of the information resulting from your exercise. (If needed, see examples in the Module 2: Lesson 2 slides).Participant Identification / Selection and Reasoning (Approx. 1 page)This section should list out every role that participants will need to fill in the exercise. Be sure to include each role for the following Teams as appropriate (If needed, see examples in the Module 2: Lesson 3 slides):1.    The Red Team (Adversaries)2.    The Blue Team (Defense)3.    White Team (Facilitators)Exercise Facilitation Instructions (1  pages)The purpose of this section is to provide instructions for each member of the White Team. For each member that you list in the participant Identification Section for the White team, you should have instructions for what they need to do during the exercise. These do NOT need to be very long instructions, but they need to be clear. (If needed, see examples in Module 2: Lesson 3 slides).