This website has been created to demonstrate the cyber security game called Riskio which has been created as part of a PhD in Cyber Security at University of Southampton.
Alternative Game Play
WHY ALTERNATIVE GAME BOARD AND RULES?
Riskio was created so that it could be adapted to meet organisation requirements as organisations have different cyber threats and employees within the organisations have different learning requirements. The following are two examples using gamification to change the game mechanics and also how the game boards can be changed to meet organisational requirements.
This is example of alternative game play with four players and game Master
ALTERNATIVE GAME BOARD V2 - VERSION 1
In this example the objective of the organisation is to teach a wide range of vulnerabilities and defences. The players to win must comprise each of the ten locations on the board to win as opposed to version 3 where the play needed to purchase six STRIDE tokens after successful attack.
Four players denoted by Yellow, Red. Green and Blue pawns and associated clear coloured tokens (Size 22 mm)
Associated clear coloured token on board by number shows successful attack by the player (Transparent 20 mm tokens)
Green Tokens awarded for successful defence (Green 25 mm tokens)
Each player has a dice and moves clock wise around the board (Size 12 mm)
The player to first compromise all ten 10 locations the game ends and the player wins (10 locations on example board)
Players can count total number of tokens they played on the board and defence tokens
Example with four players
ALTERNATIVE GAME BOARD V2 - VERSION 2
Game Mechanics Changes: Add tokens players must buy defence cards; Game board has new outer ring of colour coded squares in the six STRIDE categories; The STRIDE selection by player is random by throwing dice; To win players must successfully defend to buy STRIDE token and collect one from all six STRIDE suits.
Rule Changes:
Player starts with 15 units
At the beginning of each round player can:
a) buy defence card for 10 units (the card is turned over face up)
b) buy a STRIDE token for 15 units (only if they just defended against successful attack (could restrict to STRIDE attack category))
Player throws a dice:
a) If on STRIDE suit the games master selects top card from suit
b) If on “Select any…” player can elect which suit
c) If on “Miss a Turn” player does not have a turn
The games master reads out the attack and if the player answers the attack question correctly, they win 10 units
The games master then throws the dice to decide if the attack was successful depending on defence cards player has purchased
All the players check the defence cards they have if successful then, they win 10 units, if they were not, then they lose 5 units
If player passes the start, they collect 5 units
First player to collect all six STRIDE tokens wins
Riskio alternative game Version 2 - Riskio Out of The Box
riskio alternative game version 3 - riskio out of the box
This game is an adaption of Riskio version 2. It is called “Riskio Out of The Box”, because the game is designed to be played by a unskilled Games Master.
Game Mechanics Changes: Attack cards have the question and answer on them; The Game Board is made up of tiles which are 5.6 cm by 5.6 cm; Tiles can be selected to suit the game requirements, for example if Spoofing was an issue for an organisation more of these tiles could be used.
Tokens to buy defence cards and STRIDE Tokens
Alternative Game Play, each of the six STRIDE categories are colour coded and first player to complete successful attack with each category collects a triangle first to collect all six wins the game.
Spoofing - Blue
Tampering - Green
Repudiation - Mauve
Information Disclosure - Orange
Denial of Service - Pink
Elevation of Privilege - Yellow