Article 4XK34 Backdoors and Breaches Incident Response Card Game Makes Tabletop Exercises Fun

Backdoors and Breaches Incident Response Card Game Makes Tabletop Exercises Fun

by
Fnord666
from SoylentNews on (#4XK34)

upstart writes in with an IRC submission for chromas:

Backdoors and Breaches incident response card game makes tabletop exercises fun:

There's a new, fun way to run a realistic incident response tabletop exercise, and it's called Backdoors and Breaches. Inspired by Dungeons and Dragons (B&B instead of D&D), the game includes a pack of custom playing cards and a 20-sided die. Five to six people can play it in as little as 15 to 20 minutes.

The card deck comes from the folks at pentesting firm Black Hills, who sent us a review deck and walked us through how to play. It's a simple concept, easy to play, and looks like a fun way to run a tabletop exercise.

[...] Unlike some tabletop exercises that can take months to prepare and last for days, Backdoors and Breaches makes it simple to role-play thousands of possible security incidents, and to do so even as a weekly exercise. The game can be played just by blue teamers but could also involve a member of the legal team, management, or a member of the public relations team. The ideal game involves no more than six players to ensure that everyone is engaged and participating. "This game can be played every Thursday at lunch," Blanchard tells CSO.

If the upside of the B&B card deck is the ability to instantly create thousands of scenarios from generic attack methods, the downside is that it lacks cards for specific industries, or company-specific issues. Black Hills plans for expansion decks in 2020, including one for industrial control system (ICS) security and another for web application security.

[...] While obviously designed as a marketing tool for their pentesting business, the B&B deck will be useful to many enterprises, as well as schools and universities, who Blanchard says have shown great interest in the card deck.

If companies become more secure as a result of using their card deck? Blanchard says their pentesters would be happy with that. "We want to pentest companies that make us really have to work for it," he says.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments