Exercise lifecycle - AWS Security Incident Response Guide

Exercise lifecycle

Regardless of the type of simulation you choose, simulations generally follow these steps:

  1. Define core exercise elements – Define the simulation scenario and the objectives of the simulation. Both of these should have leadership acceptance.

  2. Identify key stakeholders – At a minimum, an exercise needs exercise facilitators and participants. Depending on the scenario, additional stakeholders such as legal, communications, or executive leadership might be involved.

  3. Build and test the scenario – The scenario might need to be redefined as it is being built if specific elements aren’t feasible. A finalized scenario is expected as the output of this stage.

  4. Facilitate the simulation – The type of simulation determines the facilitation used (paper-based scenario compared to highly technical, simulated scenario). The facilitators should align their facilitation tactics to the exercise objects and they should engage all exercise participants wherever possible to provide the most benefit.

  5. Develop the after action report (AAR) – Identify areas that went well, those that can use improvement, and potential gaps. The AAR should measure the effectiveness of the simulation as well as the team’s response to the simulated event so that progress can be tracked over time with future simulations.