SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Backdoors and Breaches Incident Response Card Game Makes Tabletop Exercises Fun
Date    Tuesday January 07 2020, @11:43PM
Author    Fnord666
Topic   
from the what-would-you-do? dept.
https://soylentnews.org/article.pl?sid=20/01/07/0519211

upstart writes in with an IRC submission for chromas:

Backdoors and Breaches incident response card game makes tabletop exercises fun:

There's a new, fun way to run a realistic incident response tabletop exercise, and it's called Backdoors and Breaches. Inspired by Dungeons and Dragons (B&B instead of D&D), the game includes a pack of custom playing cards and a 20-sided die. Five to six people can play it in as little as 15 to 20 minutes.

The card deck comes from the folks at pentesting firm Black Hills, who sent us a review deck and walked us through how to play. It's a simple concept, easy to play, and looks like a fun way to run a tabletop exercise.

[...] Unlike some tabletop exercises that can take months to prepare and last for days, Backdoors and Breaches makes it simple to role-play thousands of possible security incidents, and to do so even as a weekly exercise. The game can be played just by blue teamers but could also involve a member of the legal team, management, or a member of the public relations team. The ideal game involves no more than six players to ensure that everyone is engaged and participating. "This game can be played every Thursday at lunch," Blanchard tells CSO.

If the upside of the B&B card deck is the ability to instantly create thousands of scenarios from generic attack methods, the downside is that it lacks cards for specific industries, or company-specific issues. Black Hills plans for expansion decks in 2020, including one for industrial control system (ICS) security and another for web application security.

[...] While obviously designed as a marketing tool for their pentesting business, the B&B deck will be useful to many enterprises, as well as schools and universities, who Blanchard says have shown great interest in the card deck.

If companies become more secure as a result of using their card deck? Blanchard says their pentesters would be happy with that. "We want to pentest companies that make us really have to work for it," he says.

Original Submission

Links
  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Backdoors and Breaches incident response card game makes tabletop exercises fun" - https://www.itworld.com/article/3509467/backdoors-and-breaches-incident-response-card-game-makes-tabletop-exercises-fun.html
  3. "Backdoors and Breaches" - http://www.backdoorsandbreaches.com/
  4. "web application security" - https://www.csoonline.com/article/3315700/what-is-application-security-a-process-and-tools-for-securing-software.html
  5. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=38449
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Backdoors and Breaches Incident Response Card Game Makes Tabletop Exercises Fun on 2024-05-03 06:39:24