In today's digital landscape, no company is immune to cyber-attacks, making preparedness essential for any organization, regardless of size. Enter the world of Tabletop Exercises (TTX), a cost-effective and results-driven approach to test cyber crises proactively. However, workplace dynamics can hinder effective participation as the fear of proposing wrong decisions and the apprehension of appearing less competent in front of colleagues can still stifle creativity, even during a simple exercise. This book addresses these concerns by injecting a fresh perspective, seamlessly integrating elements from Role Playing Games (RPG) into the design and execution of TTX scenarios to make them more engaging and fun. "The Cybersecurity Game Master" invites readers not only to master the TTX mindset but also to embrace it as a gamified experience, fostering a dynamic learning environment without the fear of judgment. By infusing fun into the serious business of cybersecurity, this book redefines TTX design, allowing teams to enjoy the process of understanding their company, procedures, and future challenges in a stress-free manner.
Target audience
For professional and research use
Professional Practice & Development, Professional Reference, and Professional Training
Illustrations
28 tables, black and white; 7 line drawings, black and white; 1 halftone, black and white; 8 illustrations, black and white
Dimensions
Height: 234 mm
Width: 156 mm
ISBN-13
978-1-032-99820-6 (9781032998206)
Associate Professor Roberto Dillon is an (ISC)² Professional Member, an IEEE Senior Member, and the author of six books published by A.K. Peters, CRC Press, and Springer. He holds a Master's and a Ph.D. degree in Computer Engineering from the University of Genoa, a MicroMasters Certificate in Cybersecurity from the Rochester Institute of Technology, and a Certificate in Higher Education Teaching from Harvard University.
Currently, he serves as the Academic Head for the School of Science and Technology at James Cook University's Singapore Campus, where he established a dedicated Cybersecurity degree program in 2020 and founded Southeast Asia's first permanent Computer Games Museum in 2013. Before joining JCU, he held academic positions in institutions such as The Royal Institute of Technology (KTH), Nanyang Technological University, and the DigiPen Institute of Technology.
A keen supporter and developer of FOSS (Free Open-Source Software), his research interests focus on serious games design and on different areas of cybersecurity such as UEBA (User and Entity Behavior Analytics), OSINT (Open-Source Intelligence), and threat intelligence. As a professor and educator, he is also very passionate about enhancing capacity building for the next generation of cybersecurity experts in Southeast Asia by designing new curricula and innovative gamified training tools. Feel free to reach out via his homepage: https://robertodillon.nicepage.io
Part 1: From Facilitator to Cybersecurity Game Master
Chapter 1: The Purpose of Tabletop Exercises. What is a tabletop exercise (TTX)? The documents. No documents? No problem! References.
Chapter 2: Planning and Running a TTX. Using NIST800-61 to drive TTX design. TTX Example 1. Using the MITRE ATT&CK framework to articulate realistic threats. TTX Example 2. Limitations of TTX in a corporate environment. References.
Chapter 3: An Introduction to Gamification, Fun, and Role-Playing Games. Understanding Players and "Fun". The Origins of Role-Playing Games. The Inner Workings of an RPG. References.
Chapter 4: Putting the RPG into the TTX. The Cybersecurity RPG Classes. Stats and Skills. Applying the System. RPG-TTX Example: Data Breach.
Chapter 5: Making the most out of an RPG-TTX. Creating Relevant and Engaging Cybersecurity Quests. How to debrief players. How to Measure Success: a Cybersecurity Game Master's Perspective.
Intermezzo - Chapter 6: Expert Interviews. Prof. Dr. Agostino Bruzzone, University of Genoa. Ms. Francesca Bosco, Cyber Peace Institute.
Part 2: Sample Documents and Quests
Chapter 7: The Documents. Incident Response Plan (IRP). Incident Playbook: Distributed Denial of Service (DDOS) Attack. Incident Playbook: Malware Infection via Phishing. Incident Playbook: Ransomware Attack.
Chapter 8: The Great Blackout: a DDOS Crisis. The Quest. Comments and Additional Ideas.
Chapter 9: The Silent Intruder: a Spear-Phishing APT Attack. The Quest. Comments and Additional Ideas.
Chapter 10: To RDP or not to RDP? A Ransomware Crisis. The Quest. Comments and Additional Ideas.
Appendix A: Incident Response Plan Template.
Appendix B: Incident Playbook Template.
Appendix C: RPG-TTX Character Sheet.
Appendix D: Pre-Rolled Characters.