2- Define the parties which will be involved in the exercise and make sure they include the same functions that would be involved if such a scenario would take place. This will allow you to measure the results from all functional responsibilities

3- Select the organization which will carry the simulated attack. It is better to use an organization which specializes in adversary based scenarios

4- Inform the relevant parties of the exercise- Unless you want to perform a complete clandestine exercise

5- Prepare an observation report where you measure the different components pertinent to a crisis such as but not limited to: Time of response, Operational Behavior, Efficiency of Procedures, Motivation of the Security Guards, Alertness Level, Logistics, Communication, Ability to think rapidly under stress, Division of Roles , etc..

6- Film the exercise so that you can show it to participants, analyze all components and make necessary changes in your security alignment

7- Be humble about the findings and be prepared to accept bad results, including procedures that don't work, lack of speed, etc..

8- Involve the management in the findings

9- Understand the real findings and their impact on the organization

10- Prepare the required operational, strategic and tactical changes and take help from professional entities

‍

Following these steps is important  and performing such exercises at least 6 times a year.

Whatever the findings, you will be smarter about your real time security and be in time to make changes.

Remember, do not pick the exercise according to what you feel comfortable with! Instead, do it according to the opponent.

‍