
SoylentNews is people

posted by Fnord666 on Tuesday January 07 2020, @11:43PM
from the what-would-you-do? dept.

Backdoors and Breaches incident response card game makes tabletop exercises fun:

There's a new, fun way to run a realistic incident response tabletop exercise, and it's called Backdoors and Breaches. Inspired by Dungeons and Dragons (B&B instead of D&D), the game includes a pack of custom playing cards and a 20-sided die. Five to six people can play it in as little as 15 to 20 minutes.

The card deck comes from the folks at pentesting firm Black Hills, who sent us a review deck and walked us through how to play. It's a simple concept, easy to play, and looks like a fun way to run a tabletop exercise.

[...] Unlike some tabletop exercises that can take months to prepare and last for days, Backdoors and Breaches makes it simple to role-play thousands of possible security incidents, and to do so even as a weekly exercise. The game can be played just by blue teamers but could also involve a member of the legal team, management, or a member of the public relations team. The ideal game involves no more than six players to ensure that everyone is engaged and participating. "This game can be played every Thursday at lunch," Blanchard tells CSO.

If the upside of the B&B card deck is the ability to instantly create thousands of scenarios from generic attack methods, the downside is that it lacks cards for specific industries, or company-specific issues. Black Hills plans for expansion decks in 2020, including one for industrial control system (ICS) security and another for web application security.

[...] While obviously designed as a marketing tool for their pentesting business, the B&B deck will be useful to many enterprises, as well as schools and universities, who Blanchard says have shown great interest in the card deck.

If companies become more secure as a result of using their card deck? Blanchard says their pentesters would be happy with that. "We want to pentest companies that make us really have to work for it," he says.



  • (Score: 2) by looorg on Tuesday January 07 2020, @11:58PM (3 children)

    No price indicator. No way to order a copy. There is a printable "how to play", but no cards to print (should have been doable if they wanted to). I guess you have to show up at one of these events and "get lucky" or something. Room and plans for many expansions. OK so they are just like D&D then ...

    • (Score: 2) by looorg on Wednesday January 08 2020, @12:00AM (2 children)

      OK there was a link (more info at the bottom), where you give them all your info and they get back to you later. So are they trying to scam you out of your info or launch a kickstarter (or both) ...

  • (Score: 3, Funny) by barbara hudson on Wednesday January 08 2020, @12:09AM (5 children)

    Seriously, they purposefully picked a name that's offensive. Sure, they'll get some publicity from the name, but try walking around the office suggesting you get together with a few other co-workers for some «breaching and penteration testing of their back doors» and see how that goes.

    Thought of the day: Trust both business and the government to do the right thing - but only after they've tried everything else.

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    • (Score: 5, Touché) by takyon on Wednesday January 08 2020, @12:29AM

      Let's let the market decide what the right thing is, rather than the perpetually offended.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 5, Funny) by Mykl on Wednesday January 08 2020, @03:30AM (1 child)

      At least they didn't call it Backdoors and Breeches...

      • (Score: 0) by Anonymous Coward on Thursday January 09 2020, @06:17AM

        On weekends I like to play "Backdoorin' Beetches". Malt liquor is involved, of course.

    • (Score: 2) by DannyB on Wednesday January 08 2020, @04:43PM (1 child)

      At least they didn't call it . . . The Blue Scream of Death

      --
      Every performance optimization is a grate wait lifted from my shoulders.
      • (Score: 2) by looorg on Wednesday January 08 2020, @09:36PM

        Is that the sound one makes when they slip in the backdoor?

  • (Score: 3, Funny) by RamiK on Wednesday January 08 2020, @01:32AM

    Nothing [youtube.com].

    --
    compiling...