FICTIONAL COMPANY — 演習用仮想企業Fictional Company for Exercise

server started: 2026-04-19 10:54:24

CISO机上演習 Tabletop
プラットフォームExercise Platform_

$株式会社JNSAアーキテクト — powered by JNSA CISO-PRACTSIE

本サイトは、JNSAが公開する「CISO-PRACTSIE」ワークショップ教材をベースにしたセキュリティインシデント対応の机上演習プラットフォームです。登場する企業・人物はすべて架空であり、実在のものとは関係ありません。

A web-based tabletop exercise platform for security incident response, based on the CISO-PRACTSIE workshop materials published by JNSA. All companies and individuals appearing in the exercise are fictional.

演習について知るLearn About the Exercise 資料をダウンロードDownload Materials サンプルSample

この机上演習は、これらの書籍をベースに設計されていますThis exercise is based on the following books

📖 CISOのための情報セキュリティ戦略 📖 CISOハンドブック

// 01 — About サーバー起動Server started: 2026-04-19 10:54:24

演習の概要About the Exercise

本演習は、JNSA（日本ネットワークセキュリティ協会）が公開している「CISO-PRACTSIEワークショップ教材 Version 2」をベースに構築された Webベースの机上演習プラットフォームです。

This platform is a web-based tabletop exercise built on the CISO-PRACTSIE Workshop Materials Version 2, published by JNSA (Japan Network Security Association).

参加者はCISOの役割を担い、ランサムウェアインシデントへの対応レポートを作成します。 AIがCEO・CFO・CIO・CSIRTなど各ステークホルダーを演じ、レポートの内容をリアルタイムに評価・フィードバックします。

Participants take on the role of CISO and prepare response reports for a ransomware incident. AI plays stakeholders such as CEO, CFO, CIO, and CSIRT, evaluating and providing feedback on reports in real time.

登場する企業・人物・システムはすべて架空です。 実在する企業・団体・個人とは一切関係ありません。

All companies, individuals, and systems appearing in the exercise are entirely fictional. They have no relation to any real organizations or individuals.

// EXERCISE INFO
ベース資料Base Material
CISO-PRACTSIE WS教材 v2CISO-PRACTSIE WS Materials v2

主催Organizer
JNSA CISOサポートWG

仮想企業名Fictional Company
株式会社JNSAアーキテクト

対象シナリオScenario
ランサムウェアインシデント対応Ransomware Incident Response

ライセンスLicense
CC BY-SA 4.0（商用利用はJNSAへ要許諾）CC BY-SA 4.0 (Commercial use requires JNSA permission)

// 02 — Purpose

演習の目的Purpose

[01]

意思決定力の向上Improving Decision-Making Ability

インシデント発生時にCISOが直面する複雑な意思決定を疑似体験し、実践的な判断力を養います。Simulate the complex decisions CISOs face during incidents and develop practical judgment.

[02]

ステークホルダー対応の習熟Stakeholder Communication Skills

CEO・CFO・取締役会・メディア・規制当局など、多様なステークホルダーへの報告・説明能力を鍛えます。Sharpen reporting and communication skills for diverse stakeholders including CEO, CFO, board, media, and regulators.

[03]

レポーティングスキルの強化Strengthening Reporting Skills

インシデントの状況を正確・簡潔に伝えるレポート作成能力を、AIによる即時フィードバックで向上させます。Improve the ability to write accurate and concise incident reports, with real-time AI feedback.

[04]

組織対応の課題発見Identifying Organizational Gaps

演習を通じて自組織のインシデント対応プロセスの課題や改善点を可視化します。Visualize gaps and areas for improvement in your organization's incident response process.

[05]

国際標準への対応Alignment with International Standards

NIST SP 800-61・ISO/IEC 27035・NIST CSFなどの国際標準に沿った対応を体得します。Internalize responses aligned with international standards such as NIST SP 800-61, ISO/IEC 27035, and NIST CSF.

[06]

ファシリテーター機能Facilitator Features

管理者パネルから複数グループのセッションを一元管理。グループ間の比較・進捗確認が可能です。Centrally manage multiple group sessions from the admin panel with cross-group comparison and progress tracking.

// 03 — Scenario

演習シナリオExercise Scenario

ランサムウェアインシデント対応 — 株式会社JNSAアーキテクト Ransomware Incident Response — JNSA Architects, Inc.

従業員170名、年商34億円のオンラインゲーム企業（架空）を舞台に、ランサムウェア感染から事業復旧・対外公表までの一連の対応をCISOとして指揮します。 AIが経営陣・技術部門・メディア・規制当局などのステークホルダーとなり、リアルタイムにあなたのレポートを評価します。

As CISO of a fictional online game company (170 employees, ¥3.4B annual revenue), you lead the response from ransomware infection through business recovery and public disclosure. AI plays stakeholders — management, technical teams, media, and regulators — and evaluates your reports in real time.

Ph.A インシデント検知・初動対応方針の策定Incident Detection & Initial Response Policy
Ph.B 被害範囲の特定と封じ込め対応の報告Scope Assessment & Containment Report
Ph.C 事業継続・復旧計画と経営報告Business Continuity, Recovery Plan & Management Report
Ph.D 対外公表・メディア対応・規制当局報告Public Disclosure, Media Response & Regulatory Report
Ph.E 再発防止策・教訓の整理と取締役会報告Post-Incident Lessons & Board Report

// 04 — Resources

参考書籍Reference Books

本机上演習は、以下の2冊の書籍をベースに設計されています。

This tabletop exercise is designed based on the following two books.

BOOK

技術評論社 — 2023 | ISBN: 978-4-297-13294-1

CISOのための情報セキュリティ戦略 ―危機から逆算して攻略せよ

著: 高橋正和 / 協力: JNSA CISO支援ワーキンググループ

↗ BOOK

技術評論社 — 2021 | ISBN: 978-4-297-11835-8

CISOハンドブック ――組織と経営層のための情報セキュリティ対応ガイド

著: JNSA CISO養成支援プログラム（日本ネットワークセキュリティ協会）

↗

CISO Tabletop Exercise — User Guide

Introduction

This system is a tabletop exercise tool for experiencing ransomware incident response. Participants play the role of a CISO (Chief Information Security Officer). For each phase, you write and submit a status report, and the AI evaluates it from the perspective of each stakeholder (CEO, CFO, CIO, etc.) and provides feedback.

1. Getting Started

How to Join the Exercise

Your facilitator will provide an Exercise ID (8-character alphanumeric code).

Steps

Open the top page in your browser http://<server-address>/en
Enter the Exercise ID in the "Join Exercise" bar at the top of the page
Click the "Join →" button
You will be automatically redirected to the exercise screen

Types of Exercise IDs

Type	Capabilities
Representative ID	Enter/submit reports, access all features
Member ID	View only — see the representative's inputs and evaluation results

For group participation: Each group has one representative. The person with the Representative ID operates the system; members follow along using their Member IDs and participate in discussion.

Direct URL access: If your facilitator provides a direct URL, you can access the exercise by clicking that link.

2. Overall Exercise Flow

① Set your CISO name
        ↓
② Repeat Phases 1–4
   ┌──────────────────────────────────────────┐
   │ Read the situation briefing              │
   │ ↓                                        │
   │ Fill in the status report               │
   │ ↓                                        │
   │ Click "Register"                        │
   │ ↓                                        │
   │ Click "Consult Stakeholders" (AI eval.) │
   │ ↓                                        │
   │ Review results & discuss                │
   │ ↓ (optional)                            │
   │ Check hints & attacker's perspective    │
   │ ↓                                        │
   │ Click "Next Phase"                      │
   └──────────────────────────────────────────┘
        ↓
③ Final evaluation & PDF download

3. Screen Layout

┌────────────────────────────────────────────────────────┐
│ Navigation bar (exercise name · group name)            │
├────────────────────┬───────────────────────────────────┤
│ Sidebar            │                                   │
│  · Company Profile │  Main Area                        │
│  · Section links   │  · Situation briefing             │
│  · Stakeholders    │  · Mission                        │
│  · CISO name setup │  · Report input form              │
│                    │  · Register button                │
│                    │  · "Consult Stakeholders" button  │
│                    │  · Evaluation results             │
│                    │  · Hint button                    │
│                    │  · Attacker's perspective button  │
│                    │  · Response status check          │
│                    │                                   │
└────────────────────┴───────────────────────────────────┘

4. Step-by-Step Instructions

Step 1 — Set Your CISO Name

In the "CISO Settings" field on the left sidebar, enter your name (or the CISO's name) and click "Update". This name will be used in the AI's feedback.

Step 2 — Read the Situation Briefing and Mission

Each phase begins with a "Situation Briefing" and a "Mission." Read these alongside the facilitator materials and discuss as a group.

Step 3 — Fill In the Status Report

There are two input methods, selectable via tabs.

📋 Form Input Tab (Recommended)

Each field is displayed as an input element. Fill in each item.

Includes text fields, single-choice (radio buttons), and multiple-choice (checkboxes).
Automatically converted to Markdown format upon submission.

📝 Text Input Tab

Enter free-form text directly. Useful when pasting a report created in another tool.

Step 4 — Click "Register"

After filling in the report, click the "Register" button.

Your input is saved and the "Consult Stakeholders" button becomes active.
The reminder message "Please register before consulting stakeholders…" will turn grey once registered.
You cannot run "Consult Stakeholders" without clicking "Register" first.

If you change your stakeholder selection, do so before clicking "Register." Clicking "Register" saves both the report content and the checkbox selections.

Step 5 — Click "Consult Stakeholders" (AI Evaluation)

Click the "Consult Stakeholders" button (Phase 4: "Hold Press Conference") to have the AI evaluate your report from each stakeholder's perspective.

Evaluation may take 30 seconds to 2 minutes.
The button will be greyed out during processing. Please wait.
Once complete, each stakeholder's comments will appear in the "✅ Evaluation Results" section.

Selecting Evaluation Stakeholders

In the sidebar under "Evaluation Stakeholders," you can choose which stakeholders will evaluate your report.

Scenario-assigned (default): The stakeholders recommended for this scenario are pre-selected.
Others: Additional stakeholders can be selected.
If you change your selection, click "Register" again.

Step 6 — Review Evaluation Results

Stakeholder comments are organized in tabs.

Each stakeholder's feedback covers three aspects:

Aspect	Content
Report Evaluation	Appropriateness of content, missing perspectives
Instructions to Department	Actions the stakeholder directs to their own team
Requests to CISO	What the stakeholder expects from the CISO

Share the feedback within your group and discuss before moving to the next phase.

Step 7 — Request a Hint (Optional)

Below the evaluation results, you will find the "💡 Request a Hint from the Incident Response Expert (Optional)" button.

Provides hints and improvement suggestions from an incident response expert's perspective.
This is optional — the exercise proceeds without it.
Make sure to register your report before requesting a hint.

Step 8 — Check the Attacker's Perspective (Optional)

Click the "🎯 Check Attacker's Perspective (Optional)" button next to the hint button. A rival attacker (0xShadow) will analyze the situation from an attacker's point of view in a modal window.

Points out weaknesses in the defender's response from a "how I would attack the same target" perspective.
Analysis incorporates the phase situation, submitted report, and stakeholder comments.
This is optional — the exercise proceeds without it.

Step 9 — Check Response Status (Optional)

The "📊 Response Status Check" section shows how your response compares to the stakeholder matrix.

Button	Content
Check response status (cumulative, all phases)	Analyzes response coverage across all phases

Results are shown as ○ Addressed / △ Partial / × Not addressed.
This is also optional.

Step 10 — Click "Next Phase"

Once review and discussion are complete, click "Next Phase" to proceed.

Note: Clicking "Next Phase" finalizes your input for the current phase and advances to the next. You cannot return to a previous phase.

Step 11 — Final Evaluation (After All Phases)

After completing all phases, the "Go to Evaluation" button will appear.

On the final evaluation screen:

An overall evaluation report is generated by the incident response expert across all phases
You can download the evaluation report (PDF) and response status matrix (PDF)

5. Additional Features

🏢 View Company Profile

Click the "View Company Profile" button in the sidebar to see the company information and stakeholder list assumed in this exercise.

📄 View Submitted Reports

The "Submitted Reports" section in the sidebar shows links to reports submitted (finalized by clicking "Next Phase") in previous phases.

Clicking a link opens the report content in Markdown format in a new tab.
Useful for reviewing what you wrote in previous phases.
Form markers (e.g., (#TEXT,...)) are removed from the display.

💬 Consult the Consultant

During each phase, you can consult a security and risk consultant. Ask questions in chat format and receive answers informed by reference materials.

🔄 Update Button

To reflect your draft input in real time on member screens, click the "Update" button.

6. For Members (View Only)

When accessing via a Member URL:

You cannot enter or submit reports
Content entered and updated by the representative is reflected on your screen in real time
Evaluation results, hints, and response status check results are also displayed automatically
PDF downloads are available

If the "Member" badge is shown in the top-left corner, you are correctly in member mode.

7. Frequently Asked Questions

Q. Is there a correct answer for the status report? A. There is no single correct answer. Fill in the report based on the phase situation and discuss as a group. Use the AI feedback as a reference.

Q. The "Consult Stakeholders" button stays greyed out A. Click "Register" first. You cannot run the evaluation without registering.

Q. The AI evaluation is not returning / an error appeared A. Wait a moment and try clicking the button again. If the problem persists, contact your facilitator.

Q. I want to go back to a previous phase A. Moving back to a previous phase is not supported.

Q. I accidentally closed the page A. Return to the top page, enter the same Exercise ID, and rejoin. Your input and evaluation results will be restored.

Q. Member screen is not reflecting the representative's input A. The representative should click the "Update" button for immediate reflection. Otherwise, wait for the automatic update (approximately every 30 seconds).

8. Phase Overview

Phase	Title	Main Mission
Phase 1	Ransomware Infection on an Endpoint	Initial response decisions and status report
Phase 2	Critical System Outage	Responding to major system shutdown
Phase 3	Recovery and Post-Incident Actions	Recovery planning and recurrence prevention
Phase 4	Press Conference	Public disclosure and position paper preparation

The number of phases and content may vary depending on the exercise type.

If you have any questions, please contact your facilitator.

🏢 企業情報🏢 Company Information

Company Name	JNSA Architects, Inc.
Annual Revenue	JPY 3.4 billion
Employees	170
Main Business	PC online game development and operation
Key Systems	GanGan system (2M users, 100K paying, JPY 2B revenue last year, AWS Japan region)
Company Culture	- No prior incident response experience. - Tends to view security incidents optimistically. - Cultural divide between founding members (Executive Takahashi) and those with a banking background (Executive Managing Director Sasaki).

👥 ステークホルダー（22名）👥 Stakeholders (22)

The final decision-maker for the entire company. Responsible for balancing business continuity, social responsibility, and shareholder value. In the event of an incident, responsible for determining the company-wide response policy, final approval of external communications, and reporting to the board and key stakeholders.

P&L owner of the core business. Revenue and KPI achievement are the top priority. During an incident, provides business-perspective input on minimizing revenue impact from service outage, preventing customer churn, and recovery prioritization.

Head of a relatively small business with influence over organizational culture. During an incident, provides risk-focused advice and an internal-control perspective on restoring morale and trust.

Head of the management division overseeing finance, legal, and HR. During an incident, responsible for financial impact assessment, provisioning decisions, legal risk management, regulatory compliance, and compensation policy.

Head of the overall IT infrastructure. Prioritizes availability and stable operations. During an incident, responsible for technical containment, recovery planning, system shutdown decisions, and technical briefings to management.

Operational lead for technical incident response. Responsible for initial response, forensics management, IOC analysis, and designing preventive measures. Provides accurate technical facts to management.

External risk management expert. Advises the CEO from a second-line position. Responsible for assessing the validity of management decisions, providing advice based on international standards, and checking the appropriateness of external communications.

Responsible for personal data protection and compliance with GDPR and similar regulations. Responsible for determining whether a breach has occurred, reporting to regulators, and confirming the legal validity of victim notifications.

Head of all system development. During an incident, responsible for assessing impact on the development environment, deciding on release halts, and re-adjusting modification schedules.

Operational lead for system operations. Leads server isolation, backup verification, and recovery operations.

Independent director responsible for governance oversight. Evaluates the appropriateness of management's response, accountability, and governance standards.

Director who oversees management decisions from an objective standpoint. Evaluates the rationality of risk response and the appropriateness of internal controls.

Responsible for overseeing accounting and internal controls. Audits financial impact, provisioning treatment, and the effectiveness of internal controls.

Contact for a major advertising client. Concerned about the impact of service outages and brand damage on advertising effectiveness; has influence over the decision to continue placing ads.

Contact for investors and analysts. Responsible for capital market disclosure and accountability, working with management and finance on investor relations.

Contact at the cyber insurer or broker. Supports confirmation of policy applicability, claims processing, and evidence gathering.

Primary contact for supervisory authorities and data protection agencies. Confirms reporting requirements and deadlines, and coordinates with authorities.

CISO机上演習 Tabletop プラットフォームExercise Platform_