home.social

#securitygame — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securitygame, aggregated by home.social.

  1. Finally managed to play Data Breach
    thegamecrafter.com/games/data-

    Funny short game to raise #cybersecurity awareness of non-technical business people.

    Thanks to the participants of #p4a24 who helped me

    P.S. if you ever create a game, don't name it "Data Breach". It's a terrible search term

    #SecurityGame

  2. Not really a #SecurityGame but nevertheless an interesting concept:
    binary.protect.io/

    #BinaryRiskAnalysis takes the complexity out of #RiskAnalysis

    Or rather, it acknowledges that we don't know a lot and doesn't add (fake) precision where we don't know what we are talking about.

    With 10 yes-or-no questions you get a high/medium/low risk score per asset

    #Note2Self

    8/n

  7. Let's try this. I'm looking for a #SecurityGame

    It was called Hack Attack and was from #SANS.

    AFAIK it was "based" on Exploding Kittens but with security content.
    The original URL was sans.org/sites/default/files/2 but is now 404.
    I couldn't find it in any archive 😠

    I would be very happy if I could locate a backup 🙂

    Please RT/share

    (the reference is from @adamshostack)

  8. Back to a #SecurityGame I/we tried:

    Cyber Threat Defender is a card game created by #CIAS
    The target audience is students or the general public.

    cias.utsa.edu/ctd/

    As a player you play the hero and the villain at the same time.
    You build up your infrastructure for which you earn points. You try to protect your infrastructure so that you keep earning points. And you attack your opponents' infrastructure.
    (I believe the game mechanics are similar to #MagicTheGathering (which I haven't played))

    The game is competitive and you play it in pairs. AFAIK there are also tournaments, at least in the US.

    The game teaches about general security topics, common threats and typical (technical) countermeasures. As a non-expert you will gain general knowledge and have some fun, as a security expert you will just have some fun.

    I think the game is a nice introduction to security and a good tool to create basic awareness without requiring a lot of previous knowledge.

    It is not especially adapted to a company environment. I think the value in this context is limited.

    Nevertheless #CyberThreatDefender is fun.

    6/n

  9. My newest addition: the CIA Collect it All card game.

    I haven't played this #SecurityGame
    5/n

  10. My thread got slightly derailed as a rather long (detour) post on #FearlessJourney (by @deborahh) got lost and I got frustrated (it isn't a #SecurityGame but I love the game mechanics and would like to see them applied to a security topic. I don't know how yet)

    4/n

  11. A sibling #SecurityGame to #EoP is @owasp #Cornucopia

    Instead of the #STRIDE categories it follows the #OWASP Secure Coding Practices

    * Data validation and encoding
    * Authentication
    * Session management
    * Authorization
    * Cryptography
    * Cornucopia (Misc)

    It targets (web) development teams. The same recommendations apply here as for #EoP. Play cooperatively, help others apply cards (they learn about the system as well as about the security concepts), and restrict the card set you play with.

    owasp.org/www-project-cornucop

    3/n

  12. @adamshostack also created the #SecurityGame Elevation of Privilege: the Threat Modeling Game (#EoP)

    You play it as a software development team on an architecture diagram of a (real) software system (e.g. a dataflow diagram).

    You will learn about the #STRIDE (or #STRIPED) threat modeling approach.
    If you play it on a real system, you will probably get real findings or at least to-dos to verify possible weaknesses.

    While the manual describes the gameplay in a competitive manner, I recommend that you play it in a collaborative way, where you help each other to apply the cards onto the system and supplement each other's cards.
    Additionally, I would initially reduce the cards in play. The higher value cards describe very general unspecific threats which can be confusing if you aren't well versed in threat modelling (STRIDE).

    agilestationery.com/pages/elev

    2/n

  13. As I just found the #SECWEREWOLF #SecurityGame
    infosec.exchange/@realn2s/1100

    Let me write some more about Security Games.

    First:
    Why do I consider them so important?

    #InfoSec / #Cybersecurity is a topic which is often experienced as
    * obstructive (the department of NO),
    * unrealistic (they want WHAT? I can't work that way),
    * complex (yesterday you told me it's ok),
    * boring (SO many details),
    and attached to fear (everybody does some stuff they either don't know if it is compliant or are aware that it is noncompliant).

    At the same time security can't impose security and security is everyone's job.

    Games help to address these issues.

    If something is prohibited in a game, it's no problem. Either it's part of the game rules or you don't have to fear being noncompliant.

    Games don't need to be realistic. Actually, being unrealistic at least on some dimensions is probably a core trait of a game.

    As they don't need to be realistic you can reduce the complexity as needed.

    A good game is fun and not boring :-).

    And you don't need to fear the consequences. If I open attachments, execute everything, use my last name as password on all accounts, and the whole infrastructure gets owned because of me,
    I won't get fired.

  14. Just found #SECWEREWOLF jnsa.org/en/activities/game/in

    A Werewolf / Mafia based #SecurityGame.
    Looks like fun. Sadly, it is not available in Germany and there is no download available.

    Could someone from #Japan check if it is available at all?
    otakumode.com/shop/5bb2e04835a