diff --git a/backend b/backend index 2ab2147b637951a2a16510e2c138ba1fbe9c67df..516ba6dcb219a15b8fa5ddcadf4db956edba23b1 160000 --- a/backend +++ b/backend @@ -1 +1 @@ -Subproject commit 2ab2147b637951a2a16510e2c138ba1fbe9c67df +Subproject commit 516ba6dcb219a15b8fa5ddcadf4db956edba23b1 diff --git a/docs/INJECT_process/execute/overview.md b/docs/INJECT_process/execute/overview.md index cfba95ea9088f6fd6e918979e4153d493f2fd68b..2900b81c026e84e17b1e95ab71a80ab903892247 100644 --- a/docs/INJECT_process/execute/overview.md +++ b/docs/INJECT_process/execute/overview.md 
@@ -28,13 +28,17 @@ Here are some key tasks to keep in mind: - **Provide Initial Exercise Brief**: Start by providing participants with an initial exercise brief, outlining the context, rules, and expectations for the exercise. -- **Consider Platform Tutorial**: - If necessary, provide a tutorial on how to navigate and use the platform effectively, ensuring that participants are familiar with its features and functionalities. - You can use our showcase definition: +- **Consider Platform Intro Tutorial**: + Since the IXP may be new to many participants, it makes sense to **let them to complete the introductory tutorial first**. Although the platform’s user interface is intuitive, having a structured + overview is more beneficial than letting participants figure it out during the actual exercise. We have created a short introduction that will take no more than 15 minutes to help enhance their + experience. + + <div class="navigation" markdown> - [Showcase Definition](https://gitlab.fi.muni.cz/inject/inject-docs/-/raw/main/files-from-repos/showcase-definition.zip?ref_type=heads&inline=false){ .md-button } + [Intro Definition](https://gitlab.fi.muni.cz/inject/inject-docs/-/raw/main/files-from-repos/intro-definition.zip?ref_type=heads&inline=false){ .md-button } </div> + - **Monitor Trainee Activities**: Keep a close eye on the activities of trainees throughout the exercise. Ensure that they are engaged and progressing appropriately. diff --git a/docs/INJECT_process/intro/overview.md b/docs/INJECT_process/intro/overview.md index 61055d26f92a15f880893c6e7312c136b02208ca..a07a8bbbde9f6df60bae16f23be3965950ea1c25 100644 --- a/docs/INJECT_process/intro/overview.md +++ b/docs/INJECT_process/intro/overview.md 
@@ -4,7 +4,7 @@ - The INJECT process is a way to design tabletop security exercises with the INJECT Exercise Platform. - It consists of five interconnected phases inspired by design thinking: - understand, define, prepare, execute, and reflect. + understand, specify, prepare, execute, and reflect. - The main advantage is that it incorporates the platform into the whole process. --- @@ -21,9 +21,9 @@ During this phase, you will ensure that you have a comprehensive understanding o ### 02 Specification phase -In the Definition phase, you will clearly define the exercise objectives, aligning them with the needs identified in the previous phase. +In the Specification phase, you will clearly define the exercise objectives, aligning them with the needs identified in the previous phase. This involves breaking down these objectives into specific learning activities and creating the main and parallel inject lines that form the scenario. -The primary outcome of this phase is a well-structured scenario that will guide the exercise. +The primary outcome of this phase is a well-structured specification that will guide the exercise preparation. ### 03 Preparation phase @@ -51,8 +51,8 @@ This phase aims to identify strengths and areas for improvement, helping to enha ??? "Relation to INJECT Exercise Platform Components:" ### Editor - The Editor is a versatile tool used during the **Definition and Preparation phases** of the INJECT Process. - It allows exercise designers to define exercise objectives, create scenarios, and prepare exercise content. + The Editor is a versatile tool used during the **Specification and Preparation phases** of the INJECT Process. + It allows exercise designers to specify exercise objectives, create scenarios, and prepare exercise content. With its user-friendly interface, the Editor enables efficient scenario development and content organization. ### Trainee View 
@@ -112,19 +112,24 @@ Depending on the context, these functions may overlap, with some individuals tak **The INJECT process is designed to guide you through organizing a successful tabletop exercise using the INJECT Exercise Platform. There are two primary types of exercises you can consider:** +- **Strategic-management exercise**: + These exercises emphasize decision-making, evaluation, and high-level planning. + They are suited for testing strategic thinking and the ability to manage and respond to complex scenarios + - **Process-Technical Exercises**: These exercises focus on simulating specific processes using designated tools. They are ideal for honing technical skills and ensuring that participants are proficient in particular procedures and systems. -- **High-Level Strategic Exercises**: - These exercises emphasize decision-making, evaluation, and high-level planning. - They are suited for testing strategic thinking and the ability to manage and respond to complex scenarios. While these categories provide a useful framework, it is not necessary to adhere strictly to one type. In fact, exercise designers are encouraged to blend both approaches. By combining process-technical elements with strategic decision-making components, you can create a more comprehensive and effective exercise tailored to your specific goals. +!!! Glossary + We use several terms in the INJECT process that may be unfamiliar, but you can always find their definitions in our [glossary](../../glossary-of-terms.md). + + ## Start now <br> diff --git a/docs/INJECT_process/prepare/overview.md b/docs/INJECT_process/prepare/overview.md index 1fab571c276f8378f7bf912e9161fff3350db61e..e8cfebf4e1d707f64322d1f13f32ddfdad094b4a 100644 --- a/docs/INJECT_process/prepare/overview.md +++ b/docs/INJECT_process/prepare/overview.md 
@@ -76,14 +76,7 @@ However, there is an alternative option available: you can prepare content direc However, please note that the Editor's functionalities are still undergoing extensive iteration. As a result, this section is not currently included in the documentation. -??? "How to make exercise more fun?" - ## TECHNIQUES – TBD - - - gamification - - offline aspects - - emotions - - strong story ## Exercise logistics @@ -164,7 +157,7 @@ However, there is an alternative option available: you can prepare content direc By following these steps, you will be able to successfully set up and run an exercise on the INJECT Exercise Platform. -??? "User onboarding" +??? "Onboarding" Since the IXP may be new to many participants, it makes sense to **let them to complete the introductory tutorial first**. Although the platform’s user interface is intuitive, having a structured overview is more beneficial than letting participants figure it out during the actual exercise. **We have created a short introduction that will take no more than 15 minutes to help enhance their experience.** diff --git a/docs/INJECT_process/specify/advanced_approaches.md b/docs/INJECT_process/specify/advanced_approaches.md new file mode 100644 index 0000000000000000000000000000000000000000..87604da308424c56b580692b65f2dd4b07b8bb48 --- /dev/null +++ b/docs/INJECT_process/specify/advanced_approaches.md 
@@ -0,0 +1,59 @@ +# Advanced Approaches + +## In a nutshell +- This section focuses on advanced approaches to exercise specification. +- These approaches can greatly enhance the overall participant experience. +- Specifically, this includes the addition of tools, the use of conditioned responses, and the interaction between these elements. + +--- + +## Where are we in the INJECT process? + + + +--- + +## Use of Conditions +Ordinary TTXs are usually unable to react in any way to the actions of participants. IXP can do this on multiple levels. +Some injects types have this integrated by default: + +- The instructor chooses one of the possible answers to the email - the chosen answer can be followed up with the following automatic action of the platform.. +- Using reactions to free form injects - similarly, diffrent reactions can be linked to the following automatic action of the platform.. +- Using decision points - each answer chosen can be associated with another automatic action of the platform. +- Hints - Hints are actually conditioned responses to participants' behavior. + +However, the possibility of conditioning does not end there. Almost every action of the participant that is manifested in the platform, can be linked by the another automatic action. This is done by so-called milestones. You can simply think of them as a switch. If the activity of the participant in the platform activates this switch than the next automatic action happen. + +You can also set a condition that triggers the switch if a specific action doesn't occur by a set time. For example, if the CEO hasn't been informed by the 20th minute of the exercise, the platform will automatically send a complaint email asking why they were left out. + +Similarly, a questionnaire may come in response or media coverage depending on the fact that participants chose not to communicate a cyberattack on their organization. 
+ +### Beware of two common problems: +**1.** +You might think that it is possible to create a whole parallel storyline to the scenario, and you will be right. However, reality is very complex and the exercise scenario is always a simplification of it. Beware of the trap of developing a scenario into several parallel storylines. The reason is that you will ultimately spend much more time in preparation but the problem is, most of the content prepared in this way will not be seen by your participants anyway (logically, they will choose only one of the storylines). Conditional injects are therefore an interesting and welcome option that conventional exercises do not offer. However, we recommend making these conditional storylines as minimalist as possible. Among other things, this will also come in handy during the exercise evaluation. + +**2.** +Linking of activities in the platforms is complex and needs to be verified several times that it cannot be bypassed. A concrete example might be a situation where a designer thinks like this: The final step in the exercise is the use of the tool "Convene Crisis Meeting". So we set the condition that after activating it, a questionnaire with a final reflection is automatically sent to the participants. At first glance, everything looks logical, however, we have to ask ourselves - can the participant use the tool earlier? For example, because of a bad evaluation of the situation - if so, it cannot be expected that this will always happen at the end of the exercise and therefore the condition set in this way is inappropriate. + +## Combinations of injects +*Please, note that this section will be further developed later. * + +- The platform allows us to create very specific types of scenarios that can combine diffrent types of injects, eg. email communication with interactive injects. 
+- Testing is essential when designing these types of exercises - because it is harder to know whether the intended links between activities will be understood by participants. + +??? "Bonus: How to make exercise more fun?" + + ### To Be Done + + - gamification + - offline aspects + - emotions + - strong story + +<div class="navigation" markdown> + [← Exercise Specification](../specify/exercise_specification.md){ .md-button } + +</div> +<div class="navigation" markdown> + [Specification Phase Overview](../specify/overview.md){ .md-button } +</div> diff --git a/docs/INJECT_process/specify/exercise_specification.md b/docs/INJECT_process/specify/exercise_specification.md new file mode 100644 index 0000000000000000000000000000000000000000..b811cee2f5943ad50d75b1ccf50f896f5ff52890 --- /dev/null +++ b/docs/INJECT_process/specify/exercise_specification.md 
@@ -0,0 +1,118 @@ +# Basic ways of exercise specification + +## In a nutshell +- This section builds on the knowledge from previous sections and the information gathered during the 01 Understanding Phase. +- It details how to specify exercises for the INJECT platform. +- We present two main approaches: strategic-management exercises and process-technical exercises. + +--- + +## Where are we in the INJECT process? + + + +--- + +## General information +**Three basic elements of an exercise - learning objectives, learning activities and injects are closely related**. We found it useful to draw out each relationship on paper first so that we know - what are our learning objectives for the exercise (LO), what specifically the participants will do in it (learning activities) and what injects we need to prepare for them. The whole design process is necessarily iterative. + + + +- You can combine the described [Injects](../specify/injects.md) in any way you like, but you may also find it useful to start from a predefined type and modify it further. +As we indicated at the beginning of the section describing [Learning objectives](../specify/learning_objectives.md), you can approach the exercise in two basic ways: + +- Type One: **Strategy and Management Exercise** - In this exercise, participants are presented with individual problems in the form of fre forms, questionnaires, scales, decision tasks, media inputs, etc. It is more suitable for more general scenarios or managerial positions, but can also be prepared for CSIRT members. +- The second type: **process-technical exercises** - based on an attempt to simulate the course of a process. The main input is e.g. a document describing the response to incidents, etc. injects here are primarily via emails, it is possible to use abstraction of specific tools or measures and at the end there is a reflexive part containing questionnaires or open questions. 
**Beware, if you don't have the actual organization and process as a basis**, you will be in a very difficult situation as a designer. In fact, if the organisation does not exist, you have to create it completely - a task that exceeds the contribution of TTX in its complexity. + +??? "How to specify a strategic-management exercise" + ### What do these exercises look like off the platform? + Participants usually receive a paper assignment where the individual injects are presented, structured into phases or blocks. + The injects are most often in the form of text, but sometimes pictures are also added. Each inject is accompanied by questions. Depending on the type of target group, participants work either in small teams or all together. Often a facilitator is involved. + + ### Modes of presentation in the platform: + - It is recommended to divide participants into smaller teams (3-5 members). It is best if everyone has a laptop with access to the platform, and they designate that only one of them will interact with it. Alternatively, they will divide their roles in some way. + + - If a screen or larger screen is available, the exercise can be presented to a larger group (the discussion will be influenced by the dominant members). It is useful to have a facilitator. + + - If the participants cannot control the platform, one of the instructors can do so. + + - The exercise can theoretically be run for one participant. However, without discussion it becomes more of an interactive training. Each team can go at its own speed + ### How to use different types of injects + - Inject type: email - not used in this type of exercise. + - Inject type: execise information - suitable for instructions and outlining the general context at the beginning of the exercise. + - Injects of the type: document - strategic briefs, reports, etc. Consider sending before the exercise. + - Inject type: questionnaire / scale - recommended. + - Decision point - recommended. 
+ - Inject type: free form - the main variant of inject for this type of exercise. + - Media injects - suitable for adding context or as a direct part of the script. + - Inject type: An off-platform activity - a spice up of the scenario, use is not necessary. + - Hint - as needed. + ### Use of tools + - No tools are necessary for this type of exercise. If we want to use them, we recommend them for specific processes or actions that you want to highlight for the participants. + - Examples: The tool can substitute a supervisor’s decisions such as issuing a press release, conducting a legal analysis, contacting the police, etc. + + ### Possible scenario structures: + #### A) Coherent story - individual injects are interconnected. Everything relates to one storyline that unfolds gradually. Example: + - The exercise starts with a document type inject - with a report from a national authority describing the current serious situation. This is followed by a combination of inject type: + - Free form - activities: propose, argue, summarize ... + – Scale/questionnaire - evaluate, select, determine + – The exercise is complemented first by injects in the social media channel that express the public's perception of the situation + – The following is also article in major medium. + - The exercise proceeds to a serious decision - decision point type inject - we have an alternative conditional inject for each of the variants. + - Adding several injects to reflect on the actions taken (free form or questionnaire). + - Exercise is otherwise more or less linear, hints do not need to be prepared in advance. + #### B) A sets of situations + The participants deals with different situations, which are not connected and are only briefly indicated, inspiration: https://x.com/badthingsdaily?lang=cs + - The exercise starts with a general introduction in exercise information. 
+ - The first block follows with a description of the situation within the free form inject and a request for a description of the possible response. + - Followed by 2-3 interactive injects. + - The exercise continues in this way with a few more, tightened or slightly altered blocks. + - At the end there is space for more general reflection. + - The exercise can be improved by conditioning some of the responses in the free form injects. + +??? "How to specify a process-technical exercise" + ### What do these exercises look like on the platform? + Participants usually receive a paper assignment where individual injects are presented, structured into phases or blocks. The injects are most often in the form of text, but sometimes pictures are also added. Each inject is accompanied by questions. Participants work in teams. It is assumed that the exercise relates to a process with which the participants are familiar. + ### Modes of presentation in the platform: + - It is recommended to divide participants into smaller teams (3-5 members). It is best if each person has a laptop with access to the platform, and designates that only one of them will interact with it. + - The exercise can be completed even if only one of the participants has a computer. + + ### How to use different types of injects + + - Inject type: Email - the main type of inject for this type of exercise. + - Inject type: Execise information - intro inject, identity, tasks, context etc. + - Inject type: Document - politics, structures, manuals, guides + - Inject type: questionnaire / scale - reflection, propability + - Decision point - usually not used (decisions are made in an email communication) + - Inject type: free form - gathering opinions or more speicific reflections. + - Medial injects - context, impact of the actions + - Inject type: Hint - response to wrong action, action that wass missed or stuck in the exercise. 
+ + ### Use of tools + - For this type of exercise, the tools are absolutely essential. They usually try to mimic real tools that would be available to the trainee in a real situation and that could be used to resolve the incident. Most often these will be tools that are not too complex, such as IP blocking, network traffic dump, logging service logging, or creating a backup. + ### Possible scenario structure: + - Exercises most often start with an introductory inject in exercise information, which includes a description of the organisation concerned, the tasks of the exercisers and, if necessary, important contact details or documents to work with. + - The following 2 options are available, either the participants will learn about the problem or incident, for example through a notification they receive by email, or they can be tasked to be proactive and use, for example, a system scanning tool to detect a problem in the system (a very technical exercise). + - The tools that the participant is tasked with using to resolve the incident or support the process play a significant role here. However, the whole scenario does not revolve only around the tools, but combines extensively with elements from the strategic management exercise, where participants are also guided through questionnaires, either in the form of scales or free form. + - Many processes are also heavily based on communication with actors in the organization, which implies the possibility of abundantly involving communication via email with fictional characters (careful reduces automation and keeps the instructor more busy). + - The exercise is very much based on the actions of the participant and only if they perform the anticipated actions can they move towards the goal of resolving the incident. 
+ - Very often, hints are implemented to prevent the team from getting completely + - In the end, send reflective questionnaires + + + + + + + + + +<div class="navigation" markdown> + [← Tools](../specify/tools.md){ .md-button } + [Advanced approaches →](../specify/advanced_approaches.md){ .md-button } +</div> + +<div class="navigation" markdown> + [Specification Phase Overview](../specify/overview.md){ .md-button } +</div> + diff --git a/docs/INJECT_process/specify/injects.md b/docs/INJECT_process/specify/injects.md new file mode 100644 index 0000000000000000000000000000000000000000..217fd6d1365b9b7ee235ed1e660ff968a1f940da --- /dev/null +++ b/docs/INJECT_process/specify/injects.md 
@@ -0,0 +1,300 @@ +# INJECTS + +## In a nutshell +- Inject is the information that we send to the participants of the exercise and to which they have to react. + -This is a very simple inject: "Suddenly no computers are working in your organization. How will you react?" +- By using a digital platform, we have many more options that can be combined in the exercises. + + +--- + +## Where are we in the INJECT process? + + + +--- + +## Necessary concepts: + + +??? "Channels" + The location within the platform where the inject appears - each inject has just one channel within the exercise. At the same time, you can deliver the same inject information via diffrent channels. The basic channels are: + + - **Exercise information** – general channel for communication about exercise + - **Emails** – classical email communication + - **Tools** - tools outputs + – **Questions** - a channel where interactive type injects (e.g. questionnaires) are displayed. The channel name can be changed. + <BR> + The implementation of media channels is being considered: + - **Website** - for simulating websites of different organizations + - **Intranet** + - **Social media** / - can be named as X, Facebook, LN, ... + - **Media** - injects in the form of articles, audio or video. May carry the name of a specific media outlet. + + + + + +??? "Overlay" + This is an interface effect that directly affects the dynamics of the exercise. While normally, for example, the questionnaire will be displayed in the preset channel, **if this inject is also set as an overlay, it will be displayed first above everything else**. + <br> + + - Example, the overaly questionnaire will cause everything else to go dark and it will appear in the middle of the screen. This makes the inject disrupt the participants' existing activity and draws their attention. Some strategy exercises may consist entirely of injects presented through an overlay. + + +??? 
"A caption: "Not implemented"" + The injects with this caption have not yet been implemented in the platform. They are likely to be added in the future, though they may be modified based on team discussions. + + + + + + +## INJECT Types +Let's now take a detailed look at the different types of injects, their typical use in an exercise and the related [Learning activities](../specify/learning_activities.md). + +??? "1. Inject type: Email" + ### Inject description + This is a classic email conversation. It can also contain email attachments. The sender address is also an important part of this type of inject and is fully configurable. Emails in the form of an inject can be sent either automatically or as an instructor activity. + ### Channel + Only a specific channel for emails. The channel functions as a simple email client. + ### Overlay + Emails are usually not used in conjunction with overlays. + ### Typical use in an exercise + Emails can be used in any type of exercise. They are essential in process-technical exercises. + ### Possible mistakes + - An important prerequisite for the use of emails is that the exercise participants know their "game identity". In other words, they need to be clear why they are receiving the email. If you, as an instructor, do not communicate this well, there may be misunderstandings that result in not being able to use the pre-prepared template responses. + - You must identify all email addresses prior to the exercise. Omissions cannot simply be resolved during the exercise, any address must be entered into the platform in advance. Therefore, think carefully about their structure and meaning. For example, ensure that all emails within the organisation have the same spelling. Also consider creating email addresses to give to participants even if you don't intend to use them - it completes the scenario better and adds more decision-making for participants. 
+ - Another possible error is a misunderstanding of the context for which this tool is suited. Could you imagine dealing with a truly escalated crisis situation through emails? Or would it be more likely that the team would be more likely to meet physically or at least make a phone call? + - Consider whether it is necessary to specifically instruct participants at the beginning of the exercise that the emails are legitimate and that they do not need to look for phishing attempts. In one of our first exercises, we had participants simply not open the initial email because they thought it was phishing - in short, they expected it in a cybersecurity exercise. + ### Related manifestations in the platform + - Establishing email communication - participants sent an email. LA is filled just by sending an email. Only 1x can be used for each email address. + - Email reply from the instructor - see above. + ### Examples + - Internal communication in the organisation. + - Inter-organisational communication. + - Communication with oustsorced co-workers. + - Communication with journalists. + - Etc. + + +??? "2. Inject type: Execise information " + ### Inject description + It is used to communicate basic information about the exercise - e.g., introductory inject, contextual information, exercise time shift information, closing information. + ### Channel + Exercise information. + ### Overlay + The Exercise information inject can be displayed as an overlay, this is especially useful for important notifications or hints. + ### Typical use in exercise + This type of inject is defacto a form of instruction, so it can be used in any exercise. + ### Possible mistakes + - Mixing "ingame" information and information outside the exercise. Our recommendation is that all information should be communicated in a manner as appropriate to the scenario as possible. 
In other words, we recommend omitting information that shifts the context out of the scenario (e.g., noting that there is a catering ready, etc.). + ### Related manifestations in the platform + - Depending on the information presented, any LA may follow up. However, the Click on the Confirmation Button has a specific use - e.g. in situations where we want participants to consciously end the phase of reading more extensive input information and move on. + ### Examples + - Information about the exercise identity of the participants. + - Basic rules of the exercise. + - Information that the next injects take place at a different time than the previous one. + - Context information that cannot be naturally communicated within other injects. + - Summary of the exercise. + + +??? "3. Inject type: Document" + ### Inject description + This inject means sending a pdf document to the participants to read, analyze or make a decision based on it. + ### Channel + The document is most often used in the Exercise information channel , but can also be presented in other, more specialized channels such as an intranet or website. Last but not least, it can also be sent by an email or using tools (more in the specific section -> [Tools](../specify/tools.md)) . + ### Overlay + It can be used. + ### Typical use in the exercise + Sending reports, analyses, briefings, internal regulations, etc. At the same time, the document can serve as a certain assignment, a framework, which is then followed by other injects - for example, questionnaires or decision point. + ### Possible mistakes + - Sending a long document. If you need participants to read a large amount of text, do everything you can to get them to do so before the exercise - e.g. sending handouts in advance. + ### Related manifestations in the platform + - It depends on which channel you are presenting the document in and what the content is. 
For example, the document can be initiated by LA, which will be linked to an email response from the instructor, etc. + - It can be very useful to link to a click on the confirmation button. Imagine a document display with a button below it that says "Done", "Analysis complete", "Understood", "Read", etc. *Please note that this option is not yet implemented.* + ### Examples + - Incident response plan + - Analysis of the media situation + - Threat analysis + - Expert group report + - Warning from the national authority + - Opinion of the Authority + - Etc. + + + +??? "4. Inject type: Questionnaire/scale" + ### Inject description + Standard questionnaire - single choice or multiple choice. It can also act as a scale. + ### Channel + They are displayed in a special channel, which we refer to here as Questions. The channel can of course be called something else. + ### Overlay + The use is very appropriate. + ### Typical use in exercises + This type of inject is very suitable for strategic-management exercises for presenting scenario-related questions. For process-technical exercises it can also be used, for example towards the end of the exercise, to reflect on the steps taken. + ### Possible mistakes + - Avoid making the whole exercise just a questionnaire. Such exercises do exist, but it is not engaging for the participants and it does not fully exploit the potential of the platform. + - Avoid making the exercise look like a knowledge test. Questionnaires can often be about expressing opinions (e.g. scales) rather than factual accuracy. + ### Related manifestations in the platform + - Submiting of questionaire is manifestation itself. + ### Examples: + - Assessment of the gravity of the situation + – Reflection of actions + - Probability assessment + - Answer a factual question about the scenario (legal, organisational and technological aspects, competences, ...). + - Etc. + +??? "5. 
Inject type: Decision point" + ## Not yet implemented + + ### Inject description + This is a similar inject to the questionnaire. However, the difference is that some options can be linked to another, automatic response in the platform. The number of options for a decision is 2-5. + - Simple example: decide the situation to communicate YES/NO to the public. If you choose "NO", the platform will respond by receiving an email a few minutes later from a curious journalist who has heard about the situation. + ### Channel + These injects are displayed in a special channel, which we refer to here as Questions. The channel can of course be called something else. + ### Overlay + The use is very appropriate. + ### Typical use in exercises + This type of inject is very suitable for strategic-managerial exercises for situations where it is necessary to choose one of the options. It is particularly useful when you want to emphasize the importance of a decision. Using this type of inject will draw more attention to the decision and is likely to lead to discussion. + ### Possible mistakes + Avoid creating too many alternative paths - such an exercise will be much more difficult to prepare and most of the content will not be seen by participants anyway. Simplification is desirable. + ### Related manifestations in the platform + - Submiting of decision point is manifestation itself. + ### Examples: + - Ransomware ransom + - Contacting the authority/stakeholder + - Escalation + - Declaration of a state of emergency. + - Etc. + + + +??? "6. Inject type: Free form" + ## Not yet implemented + ### Inject description + Inject with open response, can contain input in the form of image, video or text. Participants respond in the form of free text. + ### Channel + These injects are displayed in a special channel, which we refer to here as Questions. The channel can of course be called something else. + ### Overlay + The use is very appropriate. 
+ ### Typical use in exercises + This inject is very suitable for strategic-management exercises. + ### Possible mistakes + - Too long or complex assignments. + - Not using the possibility of conditioned responses to the free forms. It can enhance the exercise participants. + ### Related manifestations in the platform + - Firstly, there is the actual submiting of the free form inject, which is sufficient if we don't need to evaluate the content during the exercise. + - Secondly, it is the instructor's response - i.e., the instructor reads the content and evaluates the fulfillment of a predefined condition - accordingly, he chooses a response that can trigger further automated steps. + ### Examples: + - A short description of an incident in the text and a request for participants to briefly describe the first steps they will take in their organisation in response. + - Similarly, they can present arguments, summarise their position, assess the situation, etc. The assignment can take the form of text, image or video. + + + +??? "7. Inject type: Media" + ## Not yet implemented + ### Description of the inject + Media injects are currently a combination of media outputs and specifically named channels that is an abstraction of a real-world channel (the platform does not attempt to mimic the look of social networks or websites). + - There may be more than one such channel in each exercise. Let's take a few examples: websites of different organizations, social networks, mass media or intranets. Injects can be in the form of plain text, or graphic materials (e.g. a Facebook post screenshots) or a prepared video can be inserted into the platform. + ### Channel + In general, we refer to this channel as "media." It's likely that multiple media channels with different names can be used during the exercise. 
For example, you could have one media channel called "FB" to display screenshots of FB posts, and another channel for the national cybersecurity authority’s website to display warnings. + ### Overlay + It may be appropriate in some cases - e.g. breaking news, warnings, etc. It always depends on the exercise scenario. + ### Typical use in exercise: + - Website or intranet: e.g. www.narodniautorita.cz and posts here can be titled as blog, warning, etc. In the same logic, the feeds can be, for example, the website of a practitioners' organisation or other relevant body. Pre-prepared graphics (i.e. screenshots from the web, etc.) can also be used. + - Mass media: works similarly to the previous one. It is very useful to use pre-prepared graphic materials or videos. The media can report on a current crisis that affects the practitioners directly or just changes the context of the exercise. + - Social media –specific posts can influence the perception of the situation in the exercise from the point of view of ordinary people or our target groups. Again, this can relate directly to the situation in the scenario (response to a service outage) or a more general trend that will influence future decision making. + + ### Possible mistakes + - The platform does not currently style specific media channels - it is therefore advisable to use pre-prepared graphics or videos within them. + - Inconsistency with the "media behaviour" of the target group: choose channels that are actually relevant for the exercise. Do not try to use media channels just because you have the opportunity. + ### Related manifestations in the platform + - It very much depends on the context of the scenario. The related manifestations in the platform can be very explicit. For example, we expect participants to immediately contact their PR department in response to the report they have seen, or we may ask them some form of question - an interactive inject - depending on the events presented in the media. 
Finally, we can imagine that media injects only help to complete the context of the exercise and are not closely linked to any specific activity. + + ### Examples: + - Negative reactions on Facebook in response to our service outage. + - TV report on the terrorist attack in our city. + - A hateful blog post on a organization's website that appeared here because of stolen login credentials. + - Warning from the IT department on the organisation's intranet. + +??? "8. Inject type: Off-platform activity" + ## Not yet implemented + ### Inject description + Sometimes it can really make sense to include an off-platform inject. This increases our possibilities for creating interesting scenarios. Technically, this is an instruction in the platform that is combined with a confirmation button. Example: Instruction 'Discuss now three action steps that you could implement in your organization later this month. Once you have that, click on the button." And below that instruction would be a confirmation button "Done". + ### Channel + The confirmation button will display in Exercise information channel. + + ### Overlay + It is very useful for injecs of this type. + + ### Typical use in exercise: + - Invitation to participants to discuss something. + - Invite a representative of the team to attend a physical interview with the journalist. + - Call for a representative to go to the classified room and see documents that other members do not have access to. + ### Possible mistakes + - By having the activity take place outside the platform, think about its evaluation. It may be followed up by other LAs - e.g. writing a summary in an email to a supervisor, etc. Or you can also decide to evaluate it outside the platform - e.g. a journalist will conduct an evaluation of the interview, according to the criteria given. + ### Related manifestations in the platform + - Click on the confirmation button. 
However, it should be added that off-platform activities can also be stimulated by other injects - for example, an email instruction arrives for an off-platform task, after which a response is required. Thus, it mainly depends on the creativity of the designer. + ### Examples: + - Crisis interview. + - Press conference. + - Convening a crisis meeting that takes place in person and where, for example, participants must present the situation to management. + - Discussion on a predefined topic. + - Telephone interview. + - Obtaining information from a classified document. + + +??? "9. Inject type: Hint" + ### Inject description + It's a form of conditioned inject that activates if participants miss an action, take the wrong action, or become stuck. + Example - participants did not report the incident to management, but should have. The hint can be automated or sent by the instructor on an ad hoc basis. + - **Automated hints:** are set in advance, in response to something happening or not happening by a certain time. These hints are set based on exercise designer intuition about what might be causing the problem or data gathered from earlier runs of the exercise. + - **Ad hoc hints:** are created and sent by the instructor in response to unexpected developments during the exercise. + ### Channel + Hints are displayed in the exercise information channel. + ### Overlay + It is very suitable to use it. + ### Typical use in an exercise + - We want to alert participants to a misstep, an omission of an action, or help them move on. + - If you were creating some form of tutorial, you could also use them for positive feedback. + ### Possible mistakes + - Overuse of hints - they should be used very sensitively and only when absolutely necessary - i.e. when it is not possible to nudge the participants with another form of inject - for example with an email from an exercise entity (this form of ingame hint is usually much better). 
+ - Overuse of ad-hoc hints - if possible, rely instead on pre-prepared hints that come for selected situations. + - We do not recommend using hints to give positive feedback during exercise because uncertainty is an important part of the exercise. + ### Related manifestations in the platform: + - The purpose of the hint is to alert users that they should engage in a learning activity. + ### Examples: + - Participants forget to contact their CISO, the whole scenario freezes because of this. Hint suggests to do it. + - The participants convened the crisis staff too early - hint suggests to proceed with further communication after the requirements given in the respective process have been fulfilled. + - In the tutorial we’ve designed for our students, we aim to confirm the correct use of the tool. Specifically, when the student clicks on the required action using the tool, an overlay hint appears, confirming that they have successfully completed the step. + + +## Conditional injects +Finally, we would like to say a few words about conditional injects. It should be emphasized that this is not a specific type of inject, but a feature of any of the injects described. + +It means that a conditional inject comes to the participants in response to the fact that something has either happened (we have decided on some option) or something has not happened by a certain time and it is e.g. appropriate to send a hint. +This is further explored in Section called [Advanced approaches](../specify/advanced_approaches.md). + + + + + +<div class="navigation" markdown> + [← Learning activities](../specify/learning_activities.md){ .md-button } + [Tools →](../specify/tools.md){ .md-button } +</div> + +<div class="navigation" markdown> + [Specification Phase Overview](../specify/overview.md){ .md-button } +</div> + + + + + + + + + + 
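Review bot: In docs/INJECT_process/specify/injects.md, the "## Not yet implemented" line inside the collapsible blocks for inject types 5 to 8 is a level-2 heading placed among level-3 headings such as "### Inject description"; an italic note like the one already used for the confirmation button ("*Please note that this option is not yet implemented.*") would keep the heading structure flat. The example line "+ – Reflection of actions" starts with an en dash instead of a hyphen and will not render as a list item, and the per-type headings drift ("### Examples" and "### Examples:", "### Inject description" and "### Description of the inject", three variants of "Typical use in exercise"). Spelling to fix before merge: "Submiting", "questionaire", "injecs", "a organization's". The sentence "It can enhance the exercise participants." under Free form is missing a word. The Hint block suggests hints for positive feedback in a tutorial under typical use while advising against positive feedback under possible mistakes; one sentence saying the tutorial case is the exception would remove the apparent conflict.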
diff --git a/docs/INJECT_process/specify/learning_activities.md b/docs/INJECT_process/specify/learning_activities.md new file mode 100644 index 0000000000000000000000000000000000000000..47c9c40541787bf6ee461ceb41a00dc01c06f408 --- /dev/null +++ b/docs/INJECT_process/specify/learning_activities.md 
@@ -0,0 +1,120 @@ +# Learning Activities + +## In a nutshell +- Learning Activities (LAs) are actions that the trainee performs that are directly reflected in the platform. This then allows us to evaluate their performance. +- Each LA is linked to just one Learning Objective (LO). One LO can link any number of LAs to itself. +- We consider the ideal number to be 5 LAs for a single LO. +--- + +## Where are we in the INJECT process? + + + +--- + + +## Basics +The exercise designer must be clear about three things for each LA: + +1. **What specifically the participant is to do/practice**. +For example, he/she has to decide, analyze, present, discuss, etc. The chosen activity must make sense in relation to the LO to which the LA relates. + +2. **How will the participants`action manifest itself in the platform** +If we omit this step, it is difficult for us to measure the fulfilment of the action. This condition does not mean that everything during the exercise must happen directly in the platform. For example, you can give participants an LA which purpose will be to discuss an issue in detail; we will link it to the platform with a confirmation button (described further) that participants activate at the end of the discussion. This step is fundamentally related to the following one and cannot be simply separated. + +3. **We need to know which inject will trigger this LA**. +In other words, the LA will not happen unless the participant receives the necessary cue. It is not necessary for each LA to have a specific inject. On the contrary, one inject can easily become the source for several LAs. For example, a simple incident report will trigger a series of LAs based on the incident response plan. + +## How to specify Learning Activities? +### 1. + +**LA is always determined in relation to LO**. Let's illustrate this with an example where we create an LA for this LO: Handle the incident according to the process described in their manual. 
+ +Now we need to find an answer to what exactly the participants should do. We can find this out in several ways - but mainly from the processes described, from interviews with experts or from our own experience. + +If there is not an exact match to a given LO, or if we want to get more variety into our LAs, we can use these action words: + +``` +Identify, Search, Summarize, Predict, Decide, Estimate, + +Conduct, Compare, Examine, Present, Implement, Act out, + +Break down, Argue, Negotiate, Criticize, Reflect, + +Review, Write, Solve. +``` + + +In our case, we have created the following three LAs. + +LA1.1: Participants must **conduct** an incident analysis. + +LA1.2: The parties must **decide** whether the incident needs to be escalated. + +LA1.3: Participants should **identify** the next appropriate course of action. + +### 2. +Now we have to decide **what they will specifically do in the platform within the given activities and what injects will make them do it.** These steps are closely linked, they cannot be separated. + +In the platform, participants can generally perform the following actions: + +- *Clicking the confirmation button after participants have performed the LA* - this manifestation is great for LAs that don't have another clear manifestation in the platform, specifically: + - LA takes place primarily in the minds of the participants - e.g. analysing documents, familiarising themselves with the situation, reading instructions. + - LA takes place outside the platform: participants have to discuss something, present something, be interviewed by a journalist, etc. + +- *Establishing email communication* - participants sent the first email to the given address. LA is filled just by sending the email. Note that for each unique address, this action is only recorded once by the platform. + +- *Email response from the instructor* - very often just sending an email will not be enough to show us that LA is fulfilled. 
In fact, the previous manifestation does not evaluate the content. In this case, the instructor reads the email and if the content is appropriate, he/she responds using a template that also indicates the fulfillment of the LA in the platform. + +- *Submitting an interactive inject* - participants submit a questionnaire, scale or decision. + +- *Response in free form inject with open response* - the manifestation is already a separate sending, we do not need to respond to the sent content further within the scenario. + +- *Instructor response to free form inject with open response* - same principle as instructor email response. + +- *Participants used a predefined tool.* Tools are a specific capability of the platform designer. We describe them in more detail in section called [Tools](../specify/tools.md)). + + +But what is the most appropriate way of the platform manifestation? +The answer to this question depends largely on your experience and intuition. It is true that the same LA can manifest in different ways, and it is always closely related to the type of inject. The designer's task is to choose the one that makes sense in terms of the LO. Let's flesh this out further and work with the LA from the previous step. + +Note: **In the Specification Phase, you cannot proceed in a completely linear fashion**. The following examples may not make sense to you until you read the description of [Injects](../specify/injects.md). + +#### Examples: + +a. LA1.1: Participants must conduct an incident analysis. + +- As exercise designers, we decided that the inject that would be associated with this LA would be to report the incident via email. However, this email will not contain all the necessary information. Therefore, we know that the logical outcome of a successful analysis will be to query the missing information. +- Thus, the most appropriate manifestation in the platform will be an email response from the instructor. 
Simply establishing email communication would not suffice as a relevant manifestation in the platform, we need to be sure that the participant has asked for what they really need to know. +- Is there another way to do it? Yes, we could send a report to the participants and let them confirm the analysis with a confirmation button. Or we could send participants a Free form inject with an open response and the action in the platform would then be the instructor's response. + +b. LA1.2: The parties must decide whether the incident needs to be escalated. + +- Again, it depends on the injection. Fulfillment of this activity can be manifested, for example, by sending an interactive decision injection, an email response from the instructor, or by the instructor's response to a free form inject. + +c. LA1.3: Participants should identify the next appropriate course of action. + +- Similarly, participants here may receive an email from a supervisor as an inject, asking them for their next suggested steps. The manifestation can be just sending the email. +- Or they can get the same question in a free form injection with an open-ended answer, and the manifestation can also just be a simple submission. + +The above are just examples. Once you understand the principles, you can easily make a series of connections to fit your scenario. + + + + + + + + + + + + +<div class="navigation" markdown> + [← Learning objectives](../specify/learning_objectives.md){ .md-button } + [Injects →](../specify/injects.md){ .md-button } +</div> + +<div class="navigation" markdown> + [Specification Phase Overview](../specify/overview.md){ .md-button } +</div> diff --git a/docs/INJECT_process/specify/learning_objectives.md b/docs/INJECT_process/specify/learning_objectives.md new file mode 100644 index 0000000000000000000000000000000000000000..d77cc20db27596110a10efc3343252bcc5e2af51 --- /dev/null +++ b/docs/INJECT_process/specify/learning_objectives.md 
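Review bot: In docs/INJECT_process/specify/learning_activities.md, the list under "### 2." and the examples for LA1.1 to LA1.3 present the confirmation button, decision injects and free form injects as available manifestations, while injects.md in this same patch marks the confirmation button, Decision point and Free form as not yet implemented; the page should flag which manifestations a designer can use today. The headings "### 1." and "### 2." carry no title, so they give meaningless anchors and outline entries; name the step in each. In "participants`action" the backtick should be an apostrophe (a stray backtick can open an inline code span), "[Tools](../specify/tools.md))." has an extra closing parenthesis, and the examples switch between "inject" and "injection" and between "Participants" and "The parties" for the same things.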
@@ -0,0 +1,69 @@ +# Learning Objectives + +## In a nutshell +– Learning Objectives (LOs) specify what the trainee should learn or practice. +– They must be set in a way that best responds to the needs for which the exercise was created. +– LOs are the basic units that give structure to the whole exercise. Each LO is further decomposed into specific participant actions - learning activities (LAs). +--- + +## Where are we in the INJECT process? + + + +--- + +## Basic types of exercises +There are two basic ways to approach the exercise. We discuss them in detail in Link: Section 5, but you should already know about them because it will allow you to think better about the LO of the whole exercise. + + +### Type One: Strategy and Management Exercise + +In this exercise, participants are presented with individual problems in the form of free forms, questionnaires, scales, decision tasks, media inputs, etc. It is more suitable for more general scenarios or managerial positions, but can also be prepared for CSIRT members. + + +### The second type: process-technical exercises +This exercise is based on an attempt to simulate the course of a process. The main input here is e.g. a document describing the response to incidents etc. Injections here are primarily via emails, it is possible to use abstraction of specific tools or measures and at the end there is a reflection part containing questionnaires or open questions. + +**Beware, if you don't have the actual organization and process as a basis, you will be in a very difficult situation as a designer.** In fact, if the organisation does not exist, you have to create it completely - a task that exceeds the contribution of TTX in its complexity. 
This is because the designer is at an impasse when trying to replicate the processes within the organisation, as every idea and conjecture has to be somehow explicitly communicated to the participants in order for them to have a chance of successfully completing the exercise, but this means that instead of the TTX itself, the participants spend much more time learning to understand this imaginary organisation. + +In addition, **you can also create your own type that combines the above options**, but if you are starting out, it is better to think about one of the two specific types of exercises. + +## How to specify Learning Objectives? +### Specification of Learning Objectives by topic +Suppose we are designing an exercise for a public sector organization for which we have defined in the Understand phase the main need for the exercise as the ability to handle a cyber-attack involving a major leak of personal data. + +Depending on this, we have to ask the question: **What specifically should the involved employees handle in such an incident?** If I don't know the answers, I need to study best practices, talk to experts, or research available plans or processes. Let's assume that we have done all this and based on this we already define specific objectives for the exercise. + +Participants should: +1. Manage the incident in accordance with the process outlined in their manual. +2. Communicate clearly with all stakeholders. +3. Decide whether and how to communicate with the national data protection authority. +4. Suggest appropriate ways of dealing with the incident. +5. Reflect on the incident and learn from it. + +It is recommended to choose a **maximum of 7 LOs**. Remember that each LO will be further broken down into learning activities. 
+ +### Specification of Learning Objectives as time phases +We primaly recommend to specify LOs by topic, because it allows you to make a very quick assessment of the success of each area at the end of the exercise and thus adjust the focus of the hot-wash at the end. + +However, there is also a second approach that specifies LOs as time phases. Suppose we still have the same need, but we want to emphasize the time and escalation factor more in the exercise. You can then take inspiration from the different phases of crisis management or we can have LO described simply as: + LO1: Preparation phase / Week before D-day + LO2: Evaluating the first indications / Two days before D-Day + LO3: Incident management / D-Day + LO4: Final phase / Week after D-day + +**The choice of approach to determine LO is not a technological choice, the implementation is always the same.** However, the choice of LO determination will **greatly influence how you think about the exercise or how easy it is to evaluate**. + +A fundamental requirement for success is that the LOs you set make sense in relation to why you are preparing the exercise. Anyway, please don't set anything now, familiarize yourself with the other sections first, it will make the whole job much easier. + + +<div class="navigation" markdown> + [← Specification Phase Overview](../specify/overview.md){ .md-button } + [Learning activities →](../specify/learning_activities.md){ .md-button } +</div> + +<div class="navigation" markdown> + [INJECT Process Overview](../intro/overview.md){ .md-button } +</div> + + diff --git a/docs/INJECT_process/specify/learning_objectives_and_activities.md b/docs/INJECT_process/specify/learning_objectives_and_activities.md deleted file mode 100644 index 094d784acda2c3f97857336dbfade9ec7d823cb1..0000000000000000000000000000000000000000 --- a/docs/INJECT_process/specify/learning_objectives_and_activities.md +++ /dev/null 
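Review bot: In docs/INJECT_process/specify/learning_objectives.md, "We discuss them in detail in Link: Section 5" is an unresolved placeholder; overview.md in this patch links Section 5 to ../specify/exercise_specification.md, so use that target here. The three "In a nutshell" bullets begin with an en dash ("+– Learning Objectives (LOs) specify ...") rather than a hyphen and will not render as a list. The two exercise-type headings are not parallel ("### Type One: Strategy and Management Exercise" against "### The second type: process-technical exercises"), "primaly" should be "primarily", and "D-day" and "D-Day" are mixed in the LO1 to LO4 list.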
@@ -1,30 +0,0 @@ -TBD - -5. Addons storylines - -Common mistake - -- do not try to create entirely new organization with the new rules and situates scenario in this -- the results is simplification on the organization side -- the participants are forced to understand the rules you definied, e.g. fictious processes etc. instead of thinking about their own experiences and applying the knowledge they already possesed or discovering gaps in current procesess - -- na základÄ› zĂskanĂ˝ch informacĂ -- nynĂ tvoĹ™Ăme strukturu, v dalšà fázi do nĂ budeme pĹ™ipravovat obsah - -Definice cĂlĹŻ a dekomponovanĂ˝ch aktivit chovánĂ - - cĂle ve vztahu Trainee si majĂ procviÄŤit XY – specificky, komplexnÄ›jšĂ, urÄŤitá oblast, ... - aktivta_ podĹ™azenĂ© pod cĂl, dekomponovanĂ© a má projev platformÄ› - . z hlediska vyhodnocovánĂ -- pĹ™Ăklady! - projevy v platformÄ› .... jakĂ© jsou - co konkrĂ©tnÄ› s tĂm dÄ›lat –> bloom - zajĂmaá inspirace ukázat Ĺľe napsánĂ emialu mĹŻĹľe naplnit rĹŻznĂ© aktvity v bloomu – je to inspirace, nikoli dogma - - - - Injecty – co, tÄ›m lidem musĂme dát za informace/Ăşkoly - - pĹ™ ideifnici injectĹŻ se moĹľná znovu vrátĂme k aktivitám, ten proces nenĂ lineárnĂ - - poĹ™adĂ injectĹŻ - -- paralelnĂ cesty ... - -- dalšà role diff --git a/docs/INJECT_process/specify/overview.md b/docs/INJECT_process/specify/overview.md index 04107f1aaa5d62fdc8a1e7bc45c5ac8a9bfa0db2..87b3ba0d9b11c40a4007de3aeb1cde6fc325bdd0 100644 --- a/docs/INJECT_process/specify/overview.md +++ b/docs/INJECT_process/specify/overview.md 
@@ -1,11 +1,25 @@ -# DEFINE: clearly outline exercise essentials +# SPECIFY: objectives, activities, injects, exercise ## In a nutshell -- This is the second phase of the INJECT process, focused on defining clear exercise objectives. -- Involves breaking down objectives into specific learning activities and creating the main and parallel inject lines to form a cohesive scenario. -- Results in a well-structured scenario that guides the entire exercise. +- This is the second phase of the INJECT process, focused on exercise specification. We assume phase assumes that the exercise designer is already familiar with the scope as defined by the Understand phase. +- This is the most important of all phases. It can be compared by analogy to the preparation of a construction plan. +- The goal of the phase is to specify an exercise that meets the needs of the client and can be implemented in the IXP environment. + +## Quick navigation + +<br> +<div class="result" markdown> + <div class="grid cards" markdown> +- [Learning objectives](../specify/learning_objectives.md) +- [Learning activities](../specify/learning_activities.md) +- [Injects](../specify/injects.md) +- [Tools](../specify/tools.md) +- [Exercise specification](../specify/exercise_specification.md) +- [Advanced approaches](../specify/advanced_approaches.md) + </div> +</div> --- ## Where are we in the INJECT process? 
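Review bot: The first new bullet under "In a nutshell" reads "We assume phase assumes that the exercise designer is already familiar with the scope", which looks like two drafts of the same sentence merged; keep one, for example "This phase assumes that ...". The quick navigation cards link to exercise_specification.md and advanced_approaches.md; confirm both files exist in the docs tree so the cards do not point at missing pages.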
@@ -14,165 +28,44 @@ --- -!!! Disclaimer - At this part of the documentation, we will include a guide for the Editor. - However, please note that the Editor's functionalities are still undergoing extensive iteration. - As a result, this section is not currently included in the documentation. - -## 1. Define Learning Objectives and Activities - -### Learning Objectives (LO) - -A comprehensive goal of the exercise that addresses specific needs. -Learning objectives are derived from what participants should actually do during an incident or in a certain situation to handle it in the best possible way. -There can be multiple learning objectives in a single exercise, but we recommend a maximum of five. - -Examples: - -- LO1: Handling an incident in accordance with a defined process. -- LO2: Clear communication with all stakeholders. -- LO3: Making the right decision regarding contacting the OU and applying GDPR. -- LO4: Designing appropriate actions in response to the incident. -- LO5: Reflecting on the incident. - -### Learning Activities (LA) - -Learning Activity (LA): -The decomposition of learning objectives into individual, actionable tasks. -Each learning objective can have multiple learning activities, but we recommend a maximum of five. - -Examples: - -- LO1: Handling an incident according to a defined process. - - LA1.1: Conduct a correct analysis of the incident and request any missing information. - - LA1.2: Establish the incident in the ticketing system. - - LA1.3: Apply relevant parts of the incident handling manual, such as contacting management, PR, and the officer in charge. -- LO2: Clear communication with all stakeholders. - - LA2.1: Compose a brief email to management, outlining the minimum required information and next steps. - - LA2.2: Draft an email to the communications team highlighting potential communication risks. - - LA2.3: Ensure the email to the trainee is consistent with the requirements of the Initial Handling Manual. - -??? 
"Systematic Approach to Creating Learning Activities" - - ### 1. Platform Actions for Trainees - - Firstly, understand the possible actions trainees can perform on the platform: - - - Sending an email - - Using a tool - - Activating an interaction element (confirmation, decision, answering a questionnaire) - - ### 2. Bloom's Taxonomy Inspiration - - Secondly, combine these actions with various actionable verbs from Bloom's taxonomy to create interesting and diverse learning activities. - Bloom's taxonomy is a framework for categorizing educational goals and activities. - Here are some relevant verbs for tabletop exercises: +## The description of this phase +It is divided into five sections, which describe all the essentials. It is recommended to go through them one by one, as they build on each other and form a kind of simple introductory crash course to help you use the possibilities of IXP. - - Identify - - Search - - Summarize - - Predict - - Decide - - Estimate - - Compare - - Examine - - Present - - Implement - - Act out - - Break down - - Argue - - Negotiate - - Criticize - - Reflect - - Review - - Write - - Solve +1. First, we will discuss **[Learning objectives](../specify/learning_objectives.md)**, which will define what exactly the participants are supposed to learn or practice. - #### Examples +2. Next, we will focus on **[Learning activities](../specify/learning_activities.md)**. Each learning objective is about specific actions that we expect from the participants of the exercise. - - **Example 1:** Suppose you choose an email as an action for the trainees. - Now, using the action words, you can realize that an email asking for a summary is different from one requiring a decision. - - Summarize: "Compose an email summarizing the incident details and the initial response actions." - - Decide: "Send an email deciding whether to escalate the incident to upper management." 
- - **Example 2:** Asking participants to make a decision via an email versus a specific questionnaire can lead to different outcomes and experiences. - - Email: "Draft an email explaining your decision on how to handle the data breach." - - Questionnaire: "Complete the questionnaire to decide the next steps in the data breach protocol." +3. The third section focuses on **[Injects](../specify/injects.md)**, which are in turn inputs designed to stimulate learning activities. Simply, you can think of them as tasks. - By systematically combining platform actions with Bloom's taxonomy verbs, you can design comprehensive and engaging training experiences. +4. The fourth section describes one of the innovations that the IXP brings, and that is **[Tools](../specify/tools.md)**. They allow TTX to be enriched by the abstract use of organizational or technical measures. - ### 3. Alignment with the learning objectives +5. In Section 5, we will look at **[Two basic ways how to specify exercises](../specify/exercise_specification.md)**. - Thirdly, check that created activities are aligned with the defined learning objectives. +6. The sixth section focuses on **[Advanced approaches](../specify/advanced_approaches.md)**. Specifically,the possibility of using conditioned responses, and the connection of all elements. -## 2. Compose the Main Storyline +7. The seventh section /*has not been addressed yet*/ should cover the **different roles in the exercise**. -Once you have defined the desired learning activities, you can begin creating your scenario. -- **Define the Main Injects**: - Based on the needs, goals, learning activities, and information gathered during the understanding phase, identify the main injects that will drive the exercise. +!!! Important + - **Please note, this is not a step-by-step guide!** Why? The three basic elements of the exercise, learning objectives, learning activities and injects, are closely related. 
They need to be understood first and then worked with. +  + - There is no point in defining learning activities until you have at least a framework of what injects you will be able to prepare. Nor does it make sense to design the injects first and then to think of objectives and learning activities for them. + - In short, there is a dynamic between all three parts that requires initial thought. But that investment will pay off handsomely in the quality of the exercise and the experience you prepare for your participants. + +!!! Glossary + We use several terms in the INJECT process that may be unfamiliar, but you can always find their definitions in our [glossary](../../glossary-of-terms.md). -- **Align Injects with Learning Activities**: - Ensure that each inject aligns with the learning activities it is designed to drive. - Injects can take various forms and be delivered through different channels, such as emails, notifications, or simulated media. -- **Avoid Overloading with Injects**: - It is not necessary to create an inject for every learning activity. - Often, a single inject about an incident can trigger multiple learning activities. - Focus on creating impactful injects that promote a series of related actions and decisions. -- **Iterative Process**: - Be prepared to iterate. - You may need to step back and modify the learning activities or injects as you refine the scenario. - Flexibility and responsiveness to new insights are key to developing an effective exercise. - -### Designing Parallel Variants - -The INJECT Exercise Platform allows you to design "parallel" variants, enriching the exercise experience through conditional responses. -This means that at specific points in the exercise, the scenario can branch based on the trainee's actions. -Here’s how you can effectively design these variants: - -- Identify Key Decision Points: Determine the crucial moments in the exercise where trainees' decisions or actions could lead to different outcomes. 
- These points are where you can introduce parallel variants. -- Create Conditional Responses: Design responses that reflect the trainee's decisions. - These responses should be logical consequences of their actions, enhancing realism and engagement in the exercise. - -Examples: - -- Decision to Pay Ransom: - If a trainee decides to pay the ransom, the next inject will reflect this decision, potentially leading to new challenges or consequences. -- Failure to Contact PR Department: - If a trainee forgets to contact the PR department, they will receive a hint, nudging them to take the necessary action. - -## 3. Designing Add-on Storylines - -In addition to the main scenario, you can enhance the exercise by designing add-on storylines. -These additional elements are not crucial for achieving the primary learning objectives but can make the exercise more engaging and realistic. - -- **Identify Potential Add-ons**: - Think of scenarios or incidents that could logically occur alongside the main storyline. - These should be relevant but not essential to the primary objectives. - -Example: - -- Customer Reactions: - Introduce an add-on storyline where trainees receive angry emails from customers reacting to the accidental blocking of a legitimate website. - -## Final Remarks - -While the definition phase may appear straightforward, it is often a complex and iterative process. -You will find yourself continually refining learning activities and main storyline injects. - -However, don't be discouraged by the messiness of this phase. -With each scenario you define, the process becomes more streamlined and manageable. - -By the end of this phase, you will have developed an exercise scenario, which serves as the cornerstone for the preparation phase. -Remember, the effort invested in crafting a robust scenario will ultimately contribute to the success of the entire exercise. 
<div class="navigation" markdown> [← 1 Understanding phase](../understand/overview.md){ .md-button } [3 Preparation phase →](../prepare/overview.md){ .md-button } </div> + + <div class="navigation" markdown> [INJECT Process Overview](../intro/overview.md){ .md-button } </div> + diff --git a/docs/INJECT_process/specify/storyline.md b/docs/INJECT_process/specify/storyline.md deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/docs/INJECT_process/specify/tools.md b/docs/INJECT_process/specify/tools.md new file mode 100644 index 0000000000000000000000000000000000000000..d7011a854be217b3c457969cffb57c0c1edf25f0 --- /dev/null +++ b/docs/INJECT_process/specify/tools.md 
@@ -0,0 +1,64 @@ +# Tools + +## In a nutshell +– In this section we will focus on the tools that are one of the innovations that IXP brings to tabletop exercises. +– The tools allow to enrich the exercise by using organizational or technical measures. +– You don't have to use the tools in the exercise, but it's good to know about this option. + +--- + +## Where are we in the INJECT process? + + + +--- + +## Basic types of exercises +Tools are abstractions of actual technical tools or organizational processes. **This means that they perform the same function, but they do not look the same and simplify the situation considerably.** They work only on the key-value principle and are listed in a special channel called "Tools". + + +### Some examples of usage: +- When you enter an IP address in the tool box, the address is blocked in the context of the scenario. The tool will return information about the blocking and other actions can follow (e.g. email of an angry user). +- When the "Report an incident to the Authority" tool is activated, information about a successful report is displayed, and in the reality of the scenario, participants can then receive an email from the Authority. +- A specific tool can be a contact list, which returns the relevant contacts for the exercise after listing the argument. +- The tool can also return a pdf document - for example, you can create a tool to request a report that will then come directly into the Tools channel. + +### What Can Be a Tool: +- Organization-wide user alerts. +- Report the incident to the authorities. +- Issue of the TS. +- Convene the crisis meeting. +- IP address blocking. +- Listing network traffic. +- DNS lookup. +- Contact database. +- Antivirus. +- Backup. +- Managing updates. +- Etc. + + +## Good to know + +- Tools outputs in the "Tools" channel. +- The use of the tool is an LA to be related to a specific LO. 
+- The output from the tool can initiate another LA -> for example, we can get the necessary contact details and send an email. This means that I don't have to send this information to subscribers via specif inject anymore (but I can). +- The output from the tool doesn't have to be just text - it can also be an image from the actual tool, for example. +- Especially technically oriented users can look for real solutions behind the tools. Make sure they understand the nature of the tools in the platform. +- Don't give participants tools they don't even normally have. If your participants are part of the communications team, they probably won't be responsible for reporting the incident to the authorities or blocking the IP address. +- Don't oversimplify the wrong tools in relation to tool - if the participants are in the role of CEO or board, the tool to issue a press release makes sense. If they're members of the communications team, this tool is more likely to put them in a bind - they'll want to write the release themselves in that case. +- For tools that are organisational measures, it will often be the case that a similar thing could also be done by email. For example, organization-wide user alerts against phishing. If we make a measure into a tool, we give it a special importance and the participants become more aware of it. At the same time, you can intentionally confuse participants by giving them tools they won't actually need during the exercise. For example, we give participants the option of using the tool to convene a crisis meeting, even though according to the procedural procedures it will not make sense to use it. And if they use it? We can sent them an angry email from their boss or a hint that will explain that they used the tool wrongly. + + We can then enhance the light instruction element by having a negative email or explanatory hint come in response to the activation. 
+ + + + + +<div class="navigation" markdown> + [← Injects](../specify/injects.md){ .md-button } + [Exercise specification →](../specify/exercise_specification.md){ .md-button } +</div> +<div class="navigation" markdown> + [Specification Phase Overview](../specify/overview.md){ .md-button } +</div> diff --git a/docs/INJECT_process/understand/overview.md b/docs/INJECT_process/understand/overview.md index 2e4c0f3d8e85396d4c06c30320cf254030f60398..ab6863de3f3fb71f99640b5a70bfba6b6ace7391 100644 --- a/docs/INJECT_process/understand/overview.md +++ b/docs/INJECT_process/understand/overview.md @@ -64,6 +64,16 @@ One good way to dig deeper is by using the 5 Whys method. - Repeat this process, noting down each subsequent answer and asking "Why?" again, at least for the next four rounds. - After this, determine if you've uncovered any new insights that might impact the next exercise preparation. +#### Determine the preferred type of the exercise + - **Type One: Strategy and Management Exercise** + + In this exercise, participants are presented with individual problems in the form of free forms, questionnaires, scales, decision tasks, media inputs, etc. It is more suitable for more general scenarios or managerial positions, but can also be prepared for CSIRT members. + + + - **The second type: process-technical exercises** + This exercise is based on an attempt to simulate the course of a process. The main input here is e.g. a document describing the response to incidents etc. Injections here are primarily via emails, it is possible to use abstraction of specific tools or measures and at the end there is a reflection part containing questionnaires or open questions. + + #### Determine the preferred setup for the exercise Different setups offer unique requirements and possibilities that will influence next phases. 
diff --git a/docs/images/00.png b/docs/images/00.png index ce9e2928e95eea1c14915a5eac7c78af8e20265d..bc0f7f183e5c4419516cd24d7ab535cea8642d05 100644 Binary files a/docs/images/00.png and b/docs/images/00.png differ diff --git a/docs/images/01.png b/docs/images/01.png index 03267cd530a0222f3d403e41c25a0dbf8bf8e31a..6a40e3975927a5fefb88cc6efd3cf2f7344a3492 100644 Binary files a/docs/images/01.png and b/docs/images/01.png differ diff --git a/docs/images/02.png b/docs/images/02.png index 1c9bcc78fb90f23bad8a0ddc14dfb44b08de6b03..c7b9d9ebcc706561ac720f34b6bcf39f30368d51 100644 Binary files a/docs/images/02.png and b/docs/images/02.png differ diff --git a/docs/images/03.png b/docs/images/03.png index fd6e43cbff8d592ce853a49c7d78480ed4d2b5ae..3487d39793920b166addbdcf29416d6080acac31 100644 Binary files a/docs/images/03.png and b/docs/images/03.png differ diff --git a/docs/images/04.png b/docs/images/04.png index 52b1c80fc784a3d264b178406e51a3076599b8aa..707e428ce66c778ef0f5e06c0df4598934dbede2 100644 Binary files a/docs/images/04.png and b/docs/images/04.png differ diff --git a/docs/images/05.png b/docs/images/05.png index c5adb5c6047bba4e4809ba2677d19684a5faa1d5..c2b01554bf2540296b0e4aaae15eb6b5b81cb67c 100644 Binary files a/docs/images/05.png and b/docs/images/05.png differ diff --git a/docs/images/s00.png b/docs/images/s00.png new file mode 100644 index 0000000000000000000000000000000000000000..4f7de5c23b33c1991655ad33214c8b8dcaa951c1 Binary files /dev/null and b/docs/images/s00.png differ diff --git a/docs/images/s01.png b/docs/images/s01.png new file mode 100644 index 0000000000000000000000000000000000000000..2cacc69495b7e862555090a08946bed76d86d2db Binary files /dev/null and b/docs/images/s01.png differ diff --git a/docs/images/s02.png b/docs/images/s02.png new file mode 100644 index 0000000000000000000000000000000000000000..0e37353f836be2775a8a9c06652d6907b018ca5f Binary files /dev/null and b/docs/images/s02.png differ 
diff --git a/docs/index.md b/docs/index.md index f47afe5ccacfe4200e8b2134ca73b46e86f705c0..3c0318904010378fd4e36f4dea81005869389a5c 100644 --- a/docs/index.md +++ b/docs/index.md @@ -39,6 +39,10 @@ Welcome! Whether you're responsible for technical deployment or facilitating tab </div> </div> +!!! News + *September 30, 2024* + We’ve just released the second version of the INJECT Exercise Platform (v 2.0.0). The entire documentation has been updated to reflect this new version. If you’re still using the first version, we strongly recommend following the installation guide and upgrading to the latest release. + ## The Big Picture diff --git a/docs/report-issue.md b/docs/report-issue.md index 44df5969a282d7521995c61d106aa9f6c11f5a1f..959aedf09a79a5ac8dccfe05b18d122e887afbb5 100644 --- a/docs/report-issue.md +++ b/docs/report-issue.md @@ -6,7 +6,7 @@ Before submitting a bug report, we recommend checking the [Known Issues](known-i * In the subject line, briefly describe the nature of your inquiry (e.g., Bug Report: Application Crashes). * In the body of the email, provide detailed information about the issue you are experiencing. Include steps to reproduce the problem, screenshots (if applicable), and any other relevant details. -* Also make sure to include the build number, which you can find in the Exercise Panel. +* Also make sure to include the backend and frontend versions, which you can find in the Exercise Panel. * Once you have filled out all the necessary information, click the send button to dispatch your email to us. Project maintainers may reach out to you to gather more information or provide updates on the status of your inquiry. diff --git a/docs/tech/installation/https/base-setup.md b/docs/tech/installation/https/base-setup.md index f4365627a2d3ff849b3d084ab9572c08aa897169..942eec5b5a18b1befdf76f4f33f95fe1394d6e80 100644 --- a/docs/tech/installation/https/base-setup.md +++ b/docs/tech/installation/https/base-setup.md 
@@ -1,4 +1,4 @@ -For version 2.0.0 of IXP, download Compose preset folder for HTTPS Deploymentps from [here](https://gitlab.fi.muni.cz/inject/docker-deployment/-/package_files/221/download). +For version 2.0.0 of IXP, download [Compose preset folder for HTTPS deployment using Let's Encrypt](https://gitlab.fi.muni.cz/inject/docker-deployment/-/package_files/221/download) and follow instructions below. {% include-markdown "../../../../files-from-repos/base-setup.md" diff --git a/docs/tech/installation/overview.md b/docs/tech/installation/overview.md index e14fee2b59846842424b231c3e84a781b2782756..31719295a63125b28e7de87c4ba110d739a55545 100644 --- a/docs/tech/installation/overview.md +++ b/docs/tech/installation/overview.md @@ -38,7 +38,7 @@ Source code for frontend and backend can be downloaded in these following URLs - [Backend](https://gitlab.fi.muni.cz/inject/backend/-/releases) -## Compatibility +### Compatibility To ensure that the downloaded versions of frontend and backend work correctly, check that they have the same version in the name on their respective `Releases` pages. 
@@ -48,9 +48,10 @@ E.g. `v2.0.0` of the frontend is fully compatible with `v2.0.0` of the backend. 1. Rename the unzipped directories to `frontend` and `backend` respectively. 1. Ensure that the `.env` file in the root directory is set up correctly as per the [setup guide](./setup.md). 1. Run `docker compose up`, if any errors occur please refer to the troubleshooting guides. +1. Add admin (superuser) account by following [these instructions](./USERS.md). ## Conclusion -By following the installation guide, you'll be able to successfully set up and run the IXP. After completing the installation, you may download this [Intro Definition](https://gitlab.fi.muni.cz/inject/inject-docs/-/raw/main/files-from-repos/intro-definition.zip?ref_type=heads&inline=false) and try to upload it to test the platform's functionality. +By following the installation guide, you'll be able to successfully set up and deploy the IXP. After completing the installation, you may download this [Intro Definition](https://gitlab.fi.muni.cz/inject/inject-docs/-/raw/main/files-from-repos/intro-definition.zip?ref_type=heads&inline=false) and try to upload it to test the platform's functionality. If you encounter any bugs, please refer to the [Known Issues and Fixes](../../known-issues.md) page for troubleshooting steps and solutions. If you require further assistance, don't hesitate to report them to us. The [Report issue](../../report-issue.md) page includes instructions on how to report bugs. \ No newline at end of file diff --git a/frontend b/frontend index 6094423282207f6a198c18334aef905662eccc03..4ae05e52a1c1098971931d634b75bd834b1bf122 160000 --- a/frontend +++ b/frontend @@ -1 +1 @@ -Subproject commit 6094423282207f6a198c18334aef905662eccc03 +Subproject commit 4ae05e52a1c1098971931d634b75bd834b1bf122 diff --git a/mkdocs.yml b/mkdocs.yml index 417999492720fe8dae708f496dfe522255016056..b46b9f2d0c104f050c5516791b675a76b0d0a34b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -38,6 +38,12 @@ nav: - Phase overview: INJECT_process/understand/overview.md - 02 Specify: - Phase overview: INJECT_process/specify/overview.md + - Learning objectives: INJECT_process/specify/learning_objectives.md + - Learning activities: INJECT_process/specify/learning_activities.md + - Injects: INJECT_process/specify/injects.md + - Tools: INJECT_process/specify/tools.md + - Exercise specification: INJECT_process/specify/exercise_specification.md + - Advanced approaches: INJECT_process/specify/advanced_approaches.md - 03 Prepare: - Phase overview: INJECT_process/prepare/overview.md - 04 Execute: diff --git a/showcase-definition b/showcase-definition index 78c61a3ec30a3c408e184b3a93df82835e613bc4..d8d877da2081db9cf6f63785d833484cde49a4d5 160000 --- a/showcase-definition +++ b/showcase-definition @@ -1 +1 @@ -Subproject commit 78c61a3ec30a3c408e184b3a93df82835e613bc4 +Subproject commit d8d877da2081db9cf6f63785d833484cde49a4d5
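Review bot: In docs/INJECT_process/specify/overview.md, list item 7 ships a leftover author comment, "/*has not been addressed yet*/", into the rendered page and is the only item in the list without a link. Either drop item 7 until the roles section exists or reword it as a plain statement that the section is planned. In item 6, "Specifically,the" is missing a space, and the link text in item 5 reads better as "Two basic ways to specify exercises".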
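Review bot: In the new docs/INJECT_process/specify/tools.md, the heading "## Basic types of exercises" sits above the paragraph that defines what tools are, so it looks carried over from another page; rename it to match the content. The "In a nutshell" lines start with "–" rather than "- ", so they will not render as a Markdown list, and "## Where are we in the INJECT process?" appears to have no body in this diff. Under "Good to know", "Tools outputs in the "Tools" channel" and "Don't oversimplify the wrong tools in relation to tool" do not parse as sentences, "LA", "LO" and "TS" are used without being expanded, "specif inject" and "We can sent them" are typos, and the closing sentence about a negative email or explanatory hint repeats the sentence before it.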
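Review bot: In the "Determine the preferred type of the exercise" block added to docs/INJECT_process/understand/overview.md, the two entries are labelled inconsistently ("Type One: Strategy and Management Exercise" against "The second type: process-technical exercises"), and the second description follows its label without the blank line the first one has, so the two entries will render differently. Use one label pattern and one capitalisation for both, and replace "Injections" with "Injects" to match the term used in the rest of the docs.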
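Review bot: In the @@ -48,9 +48,10 hunk of docs/tech/installation/overview.md, the new step links to ./USERS.md, whose upper-case file name differs from the sibling ./setup.md and which is not among the nav entries added to mkdocs.yml; check that the target exists at that path so the admin-account step does not end in a broken link. Because the step is listed after `docker compose up`, it would also help to state whether the superuser account has to exist before the instance is opened to participants. "Add admin" needs an article: "Add an admin (superuser) account".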
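Review bot: In the mkdocs.yml nav hunk, six pages are added under "02 Specify", but of these only INJECT_process/specify/tools.md is visibly created in the hunks shown here. Confirm that learning_objectives.md, learning_activities.md, injects.md, exercise_specification.md and advanced_approaches.md are added in the same change, since the specification overview list and the navigation buttons at the end of tools.md link to several of them.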