Skip to content

What is Exercise in a Box?

Exercise in a Box is a 90-minute non-technical workshop which helps organisations find out how resilient they are to cyber attacks and practice their response in a safe environment. It was developed by the National Cyber Security Centre and started as a self-use tool to help organisations test and practice their internal response to many cyber issues.

You don’t have to be technical to get involved. Exercise in a Box is a tool that recreates real-world business scenarios and with probing questions attached to each scenario, it allows your organisation to test its cyber resilience. Exercise in a Box allows your organisation to do them in your own time, in a safe environment, as often as you want. It includes everything you need for setting up, planning, delivering, and post-exercise activity.

The Cyber and Fraud Centre – Scotland team deliver Exercise in a Box to Scottish organisations by conducting practical workshops where we facilitate one of the scenarios. Please note the current sessions delivered by the Cyber and Fraud Centre – Scotland team are for Public and Third Sector organisations. Private sector organisations can book a session by emailing [email protected].

Register your organisation or charity here
Exercise in a box

Explore The Different Scenarios and What We Offer From Exercise in a Box:

Upcoming Events

Scott Barnett Exercise in a Box

The Ethical Hacking team’s partnership with NCSC delivers, informative, actionable and realworld based cyber scenarios that are incredibly useful for a range of roles in any organisation. NHS Scotland NSS will be exploring these scenarios to identify gaps in our prevent, detect and response processes and procedures and to engage other areas of our business on cyber matters. What we like most about it, is the non-technical nature of the materials – literally anyone in your organisation will find value in taking part in these scenarios

Scott Barnett, Head of Information and Cyber Security, NHS Scotland National Shared Services 

Simon Chittick Exercise in a Box

Was a little bit sceptical of the use of EiaB but after attending I found it really useful. It’s a quick and effective way to accurately judge your readiness and ability to prevent, detect, or respond to an incident.

Simon Chittick. Cyber Operations Manager. Social Security Scotland

Join an Upcoming Session

Exercise in a Box has been piloted with small and medium enterprises, local government and emergency services, but other private and public sector communities can also benefit from using it depending on their needs. We have seen companies of all sizes and sectors complete a scenario and see a great benefit; however, micro-companies, sole traders, or companies at a very early stage of tech development may not get the full value of joining. Please reach out to us if you are in doubt about this.

We are conducting in-person and online sessions over Microsoft Teams. The session type will be clear in the event registration page name. The session is discussion-led, and with this, it is paramount that you bring some team members! Along with yourself, we recommend at least 2 – 5 others, with employees from different departments represented. As it is non-technical, those from non-technical departments will be able to feed just as much into the conversation as a technical team.

We are welcoming organisations from all over Scotland to take part in one of our Exercise in a Box sessions taking place over the next few months. Sign-up on behalf of your organisation via the event page, and we will be in touch with more details.

If you are interested in finding out more, please email your interest to [email protected]

Subscribe to our Training Newsletter to be the first to hear about new and upcoming sessions.