What Resilia® Experts discover during Ocean’s 99

Published on Monday 28 September 2015 by in News with no comments

Today we ran an intensive Ocean’s 99 demo with the Resilia® Experts of Cask LLC in the US. The purpose of the session was to introduce this business simulation to Cask to explore how it could bring value to their Cyber Security portfolio. The best thing to do was…. run it.

This business simulation focuses on Cyber Security and Cyber resilience. The context is to ship 3 of the most popular, and extremely valuable, historical objects (diamond, painting and Bugatti) from their current locations to the Tokyo Museum for an exhibition. This, while Ocean’s 99 tries to steal the objects, others want to ‘hack’ your systems, the competition wants to steal your ideas and criminals want to steal your information.

The session starts with an exercise to create the Cyber Security Policy. The first discussions were very interesting:

  • Who should take the lead in this process?
  • Do we need to set priorities for our valuable assets we need to protect?
  • Shouldn’t we document the organizational structure to know who is reporting/escalating to who?

Then the team ran the Risk Assessment exercise. It was interesting to see how even this team did not discover all the threats and risks – and how difficult it was to classify the threats if the Security Policy is not clear or complete.

Then we started the first round of the simulation in which the objects are transported  to their regional airports.

The aim of the this session was to explore how a simulation could add value to a security training or consulting offering. This is what the team discovered:

Which customer issues can this simulation help solve according to Resilia® experts?

  1. This simulation will teach participants how communication should be organized between different roles. How and to whom should the Security Officer communicate? And what about the Project Manager? With this simulation we can assess the current communication lines, explore how we can improve them and create awareness why it is important to implement them in the right way.
  2. Discipline is crucial. In this exercise you will see, feel and experience the ‘consequences’ if somebody does not follow the ‘rules’ of Cyber Security. Continuing with your work, instead of calling the IT Support team with a suspicious issue, could harm your business tremendously. This simulation will make employees aware of the importance of this discipline.
  3. We can create a lot of awareness why the business should learn how to prioritize the importance of the business assets we need to protect, the business goals and the investments. In this simulation there is (like day to day practice) limited budget and time. So we cannot do everything, we must make the right decisions.
  4. We all know how important clear roles and responsibilities are. This simulation can help customers to experience the consequence of not having them embedded in their organization. It shows how certain risky situations can easily become drama’s if we waste time because we don’t know who to go to. It became obvious that without clear procedures and rules, mistakes were made and we almost failed to the deliver the objects safely. securely and on time. We can tell the employees this with posters on the wall, but this exercise really brings it home, allowing people to experience the impact..
  5. It became clear in this simulation that if you are not careful, suspicious and alert you may allow seemingly inconsequential events to become serious business threats.The need to report, record and analyze these events and trends to identify targeted attacks so that countermeasures could be developed.
  6. It is very difficult to find the right balance between empowering your team and controlling them. Too much empowerment could mean people will not escalate to the next level because they believe that the issue will not harm the business. But sometimes they cannot oversee the consequences of the event. This simulation will help organizations to experience this and find their own solutions.
  7. Finally, Resilia® is about the behaviors and the change in behaviors organizations have to make. The theory will teach what they are, but this simulation will let them understand why we must change them and how to change this behavior.

Today was a very good exercise thanks to the professional approach of the Cask trainers and consultants.

For more information about this simulation Ocean’s 99 or Reslia® contact Cask LLC at eddie.zapata@caskllc.com

 

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *