This website has been created to demonstrate the cyber security game called Riskio which has been created as part of a PhD in Cyber Security at University of Southampton.
Information Cards Deck
THE games master acts as ATTACKER
The Games Master can stop the game play and act as an attacker for all the players to act as defenders.
Example: Games Master (G) selects the Jack of Information: Unsecured USB Drive. “ Cyber Criminals left the USB sticks in your office and staff have plugged them into work PCs. USB has malware and auto run is not disabled so it installs a key logger to capture user names and passwords when plugged in”
example of two defences
Player 1: Plays the Defence Card, 3 Secure Configuration: “Disable auto run in group policy for all PCs and laptops”.
Player 2: Plays the Defence Card, 7 Security Training: “Train staff to report to IT Help Desk if they find USB stick in office”.
The Games Master can use this for example to explain:
Link defences for example to NCSC Cyber Essentials
Discuss cost benefits of defences with players
Discuss effectiveness of defences
Importance not all controls are technical and staff