Cyber incident response is critical to business continuity. We describe a new exercise that challenges professionals to play the role of Chief Information Security Officer (CISO) for a major financial organisation. Teams must decide how organisational team and budget resources should be deployed across Enterprise Architecture (EA) upgrades and cyber incidents. Every choice made has an impact: some choices prevent attacks, whilst others may trigger new attacks or allow current ones to continue. We explain how the underlying platform supports these interactions through a reactionary event mechanism that introduces events based on the organisation's current attack surface. We explore how our platform introduces randomness on top of triggered events, so that the exercise is not deterministic and better matches incidents in the real world. We conclude by describing next steps for the exercise and how we plan to use it in the future to better understand risk decision making.