- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
In today's digital landscape, no company is immune to cyber-attacks, making preparedness essential for any organization, regardless of size. Enter the world of Tabletop Exercises (TTX), a cost-effective and results-driven approach to test cyber crises proactively. However, workplace dynamics can hinder effective participation as the fear of proposing wrong decisions and the apprehension of appearing less competent in front of colleagues can still stifle creativity, even during a simple exercise. This book addresses these concerns by injecting a fresh perspective, seamlessly integrating elements from Role Playing Games (RPG) into the design and execution of TTX scenarios to make them more engaging and fun. "The Cybersecurity Game Master" invites readers not only to master the TTX mindset but also to embrace it as a gamified experience, fostering a dynamic learning environment without the fear of judgment. By infusing fun into the serious business of cybersecurity, this book redefines TTX design, allowing teams to enjoy the process of understanding their company, procedures, and future challenges in a stress-free manner.
Contents
Part 1: From Facilitator to Cybersecurity Game Master. Chapter 1: The Purpose of Tabletop Exercises. What is a tabletop exercise (TTX)?. The documents. No documents? No problem!. References. Chapter 2: Planning and Running a TTX. Using NIST800-61 to drive TTX design. TTX Example 1. Using the MITRE ATT&CK framework to articulate realistic threats. TTX Example 2. Limitations of TTX in a corporate environment. References. Chapter 3: An Introduction to Gamification, Fun, and Role-Playing Games. Understanding Players and "Fun". The Origins of Role-Playing Games. The Inner Workings of an RPG. References. Chapter 4: Putting the RPG into the TTX. The Cybersecurity RPG Classes. Stats and Skills. Applying the System. RPG-TTX Example: Data Breach. Chapter 5: Making the most out of an RPG-TTX. Creating Relevant and Engaging Cybersecurity Quests. How to debrief players. How to Measure Success: a Cybersecurity Game Master's Perspective. Intermezzo - Chapter 6: Expert Interviews. Prof. Dr. Agostino Bruzzone, University of Genoa. Ms. Francesca Bosco, Cyber Peace Institute. Part 2: Sample Documents and Quests. Chapter 7: The Documents. Incident Response Plan (IRP). Incident Playbook: Distributed Denial of Service (DDOS) Attack. Incident Playbook: Malware Infection via Phishing. Incident Playbook: Ransomware Attack. Chapter 8: The Great Blackout: a DDOS Crisis. The Quest. Comments and Additional Ideas. Chapter 9: The Silent Intruder: a Spear-Phishing APT Attack. The Quest. Comments and Additional Ideas. Chapter 10: To RDP or not to RDP? A Ransomware Crisis. The Quest. Comments and Additional Ideas. Appendix A: Incident Response Plan Template. Appendix B: Incident Playbook Template. Appendix C: RPG-TTX Character Sheet. Appendix D: Pre-Rolled Characters.
