Review of pedagogical principles of cyber security exercises

Abstract

Modern digitalized cyber domains are extremely complex ensemble. Cyber attacks or incidents against system may affect capricious effects for another system or even for physical devices. For understanding and training to encounter those effects requires an effective and complex simulation capability. Cyber Security Exercises are an effective expedient for training and learning measures and operations with their outcomes in that complex cyber domain. Learning in cyber security exercises is relevant for different level actors in organisation hierarchy. Technical experts are able to train the technical capabilities whereas decision makers are able to train the decision-making capabilities under hectic cyber incident. In this paper, the pedagogical aspects of cyber security exercises are discussed in accordance with the law of the lifecycle of the cyber security exercise: planning phase, implementation phase, and feedback phase.