Department of Electrical and Computer Engineering
Center for Cybersecurity Innovation & Outreach
Toggle Menu
Center for Cybersecurity Innovation & Outreach

CIME

What is a CIME?

A Cyber Incident Management Exercise (CIME) is a discussion-based exercise designed for non-IT leaders and staff to practice managing a cyber incident.

CIME focuses on the organizational challenges that arise when technology fails:

  • Who makes decisions?
  • How do we communicate?
  • What operations must continue?
  • What do we do when information is incomplete?

The goal is not to “fix the cyber problem,” but to keep the organization functioning while the incident unfolds.

What would you do during a cyberattack?
CIME sessions walk your team through realistic incident scenarios to test your readiness, roles, and recovery plans. Exercises are delivered in person, with preparation and follow-up to help you strengthen your response capacity.

Who participates in a CIME

Participants during the exercise

  • Executives and elected officials
  • Department heads
  • Finance, HR, legal, and communications staff
  • Frontline and administrative personnel

Who supports the exercise

  • IT and security staff (scenario development and realism)
  • Trained facilitators and exercise controllers

This separation keeps the focus on decision-making rather than technical troubleshooting.

What happens during a CIME

  1. Scenario introduction with limited technical detail
  2. Escalating injects focused on operational impact
  3. Decision points requiring discussion and judgment
  4. Communication challenges and trade-offs
  5. Facilitated debrief and lessons learned

What participants leave with

  • A clearer understanding of their role during a cyber incident
  • Increased confidence in decision-making
  • Practical ideas for improving preparedness
  • A shared language for future incidents

Types of CIME exercises

  • Organizational CIME

    Designed for a single organization such as a city, county, school district, utility, nonprofit, or business.

    Best for:

    • Clarifying internal roles
    • Testing leadership and communication
    • Identifying gaps in plans and assumptions

    Typical setting:
    One organization is working through a shared scenario.

  • Conference CIME

    Designed for conferences, workshops, or professional meetings where participants come from different organizations.

    Best for:

    • Reinforcing a conference theme
    • Creating shared learning across organizations
    • Encouraging discussion without exposing internal details

    Typical setting:
    Mixed groups working through the same scenario and comparing approaches.

  • “CIME of One” / Public CIME

    Designed for individuals who are not affiliated with a shared organization.

    Best for:

    • Public education and awareness
    • Community outreach
    • Extension programs and classrooms

    Typical setting:
    Workshops or public events focused on learning rather than organizational planning.

Video Poster

Center for Cybersecurity Innovation & Outreach

cyio@iastate.edu

© Iowa State University of Science and Technology 2026