Services | Cyber Security Exercise

Confirming and verifying functions, capabilities, and mutual communication

Overview of cyber security exercise

Looking at recent trends in information security incidents, we find that many organizations tend to treat symptoms in an ad hoc manner while committing to unnecessary measures.
It is important to put appropriate preventive measures in place against incidents, to minimize and contain damage, and to develop the organization's own capability to recover quickly.
Post-incident measures are being prepared by larger corporations and businesses that recognize the importance of Internet security to their business activities.

Cyber security exercises aim to confirm and validate the functions, capabilities, and mutual communication expected of the parties in charge, before a grave incident occurs. The exercise is run with a controller, who is tasked with information gathering and coordination, placed at the center, and the players (cyber security exercise participants) arranged around the controller in a star-shaped formation.

Acknowledging situation

"Emergency framework and response" in development
  • Direction issued by management sector
  • Developing communication framework and response process
  • Inform company members and associated companies
  • On-site application and management
Concerns over "emergency framework and response" (of the management sector)

Examples of anxieties and concerns shared by the management sector, after developing "emergency framework and response"

  • Will those in charge of emergency response actually be able to take action?
  • Is there a prepared way for those in charge to acknowledge each other?
  • Does the framework match actual conditions?
Concerns over "emergency framework and response" (on-site)

Examples of confusion and concerns shared by personnel in charge of on-site emergency responses

  • Can I (as the one in charge) make proper decisions?
  • Will I (as the one in charge) be able to properly consult, notify, and report?
  • Will the person receiving the message (as the correspondent) be able to react properly?

Where cyber security exercise is positioned


Processes and main deliverables

Follow-up report
  • Exercise results are analyzed and evaluated based on objective facts, and then compiled
  • It can be used as study material for members who did not attend the exercise
Usage examples of follow-up reports
  • As execution history of information security measures
  • To provide feedback to the exercise participants
  • To be utilized for the next round of information security measure planning
  • To inform the management sector

Follow-up report: Table of contents (Example)

  • Executive summary
  • Exercise overview
  • Scenario design overview
  • Findings
  • Viability analyses
  • Lessons learned
  • For future exercises
  • Summary
  • Appendix 1: Improvement plans
  • Appendix 2: Feedback summary of participants
  • Appendix 3: Exercise event summary table
  • Appendix 4: Performance evaluation


Effectiveness of cyber security exercises

  • Identifying agenda items for designing policies and procedures that match actual conditions
  • Finding target ranges of development, education, and training
  • Finding participants in need of further response capability or function
  • Finding information security issues in the information distribution framework inside and outside the corporate boundary
  • Encouraging voluntary activities of each organization
  • Improving capacity of response teams


Identification / verification subjects

Sponsors evaluate the confirmation and validation targets by observing "capability", "overall activity", and "each organization's actions". Key examples are as follows.

Capability examples

  • Response capability of each organization
  • Communication capability of each organization

Overall activity examples

  • Use of upper-level individuals (decision makers), core personnel (key persons), and experts
  • Use of contact list (telephone numbers and e-mail addresses)
  • Use of other communication channels (over-the-phone/video conferences)
  • Utilization of rarely used emergency communication devices

Examples of each organization's actions (tasks)

  • Organizational response task expected by preexisting provisions
  • Organizational tasks expected by others
  • Practical lifeboat-type tasks of the organization
