IT security game

Here's a fun and original board game that IT security professionals can play to hone their strategy skills during those rare periods of assured uptime. Loosely based on family favourite snakes-and-ladders, players encounter the thrills and spills of keeping enterprise systems running - and corporate data safe. E&T explains the rules.

You can download the IT Security Game playing board here (full-colour PDF, 5Mb).

IT security is no game, and those who practise it can expect no respite from the onslaught of online threats - except for this game. You have to steer your organisation past the hackers, script kiddies and disgruntled employees. Your future as CIO is at stake, and your decisions could spell the difference between winning and losing.

All you need are a couple of standard games dice, and some form of place marker for each player - e.g., a tiddly-wink.

Start the game with three products or services you can buy that you think should enhance your security. As you move around the board, you find out whether or not they work. One piece of bad planning can send you back to the beginning.

When you land on a Random Event, and you haven't implemented the necessary protection, you take the full impact. If you have, you get to laugh in the face of chance - and roll again. Serpents of unforeseen fate lurk elsewhere: green slithers you up, while red slithers you down.

Buy three forms of protection, or just two if you pick the expensive penetration-test plan:

  1. Make sure all servers are fully patched with latest updates;
  2. Buy a top-of-the-range firewall appliance;
  3. For two credits go for a penetration test to find out weak spots in the security plan, and train staff on what went wrong;
  4. Implement single sign-on (SSO) to stop people writing down passwords;
  5. Block all USB ports from unauthorised devices such as memory sticks;
  6. Invest in a wireless scanner to hunt for unauthorised Wi-Fi access points.

Random event - roll two dice

  1. Slammer worm pays a visit to your critical servers. Miss one go while you patch, unless you already have;
  2. Major botnet closed down by police. Dance a little jig, and advance five places;
  3. A new worm turns up, but it's a zero-day attack. Luckily, a top-of-the-range firewall happens to block the port it tries to use. Go back five spaces unless you have one;
  4. Hacker team has found unblocked port on an obscure server, and is making full use of the access. Miss a turn while you fix unless you already found the port thanks to the penetration test;
  5. Worker tries to plug in a USB device that they found in the street - and it has a virus on it. Go back three spaces unless you've blocked USB ports or have implemented the penetration-tester plan;
  6. A disgruntled employee has copied a key database onto a DVD-R. Miss a turn while you deal with the police;
  7. Board approves more spending on IT security. Pick another option from the purchase list;
  8. The CFO's pocket diary - complete with a list of strong passwords - is unfortunately left on the back seat of a taxi. Go back three spaces while you reset the passwords on the network, unless you already have SSO;
  9. Fed up with being unable to get on the Internet with their own laptops, one department has bought its own Wi-Fi router and plugged it in, providing ready access for any drive-by hackers. Go back five spaces while you hunt down the offending router - unless you already have the scanner in place;
  10. Novice hacker breaks into server, but forgets to cover tracks. Advance three places as police deal with miscreant and board prioritises security plan;
  11. You have been pwned. Social engineering through Facebook has delivered up the password of the COO to a paid hacking team which is currently downloading all of the company data, and replacing it with animated GIFs from old 'Batman' TV programmes. Go back to the beginning and try again, unless you invested in the penetration test and training package.
