I am looking for table top or card games related to risk management or information security. A kind of "serious" game that can be used as a teaching tool of infosec/risk management.
I know only about Microsoft's Elevation of Privilege.
I haven't played anything like this myself, but I found this on Google: http://www.itgovernance.co.uk/products/3831 - Is this similar to what you are looking for?
How about Hacker by Steve Jackson Games?
http://www.sjgames.com/hacker/
I've used it for exactly what you are asking about.
http://www.controlalthack.com/
Pretty interesting game. I think a book would be a better teacher though.
Actually I think that classic "Risk" is a great example of Risk Management.
Think about it:
A: You are assessing vulnerabilities in your "system" and figuring out all potentially threatening scenarios.
B: Based on your assessment, you are allocating security resources while using risk management principles to make all decisions (i.e. how many resources are needed for a "foolproof" defense, what is an "acceptable" risk to take, etc.).
C: The random/unexpected factors are represented by dice and cards.
D: The Game Theory factors are also there, as there are different players involved, with different, intertwined agendas.
No real connection to Info. Security, but it's a Risk Management game through and through...
OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic.
Introduction
The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and develop security-based user stories. Although the idea had been waiting for enough time to progress it, the final motivation came when SAFECode published its Practical Security Stories and Security Tasks for Agile Development Environments in July 2012.
The Microsoft SDL team had already published its super Elevation of Privilege: The Threat Modeling Game (EoP) but that did not seem to address the most appropriate kind of issues that web application development teams mostly have to address. EoP is a great concept and game strategy, and was published under a Creative Commons Attribution License. Cornucopia Ecommerce Website Edition is based on the concepts and game ideas in EoP, but those have been modified to be more relevant to the types of issues ecommerce website developers encounter. It attempts to introduce threat-modelling ideas into development teams that use Agile methodologies, or are more focused on web application weaknesses than other types of software vulnerabilities, or are not familiar with STRIDE and DREAD.
Adam Shostack has compiled an excellent list of these types of games here: https://adam.shostack.org/games.html