Schweitzer Fachinformationen
Wenn es um professionelles Wissen geht, ist Schweitzer Fachinformationen wegweisend. Kunden aus Recht und Beratung sowie Unternehmen, öffentliche Verwaltungen und Bibliotheken erhalten komplette Lösungen zum Beschaffen, Verwalten und Nutzen von digitalen und gedruckten Medien.
Tabletop exercises are a common way to test disaster recovery and business continuity plans, but they can also be some of the most dry and boring meetings any professional can attend. Following a set script with no variation can cause folks to lose interest and question the value of such exercises, even when they are required for compliance frameworks such as SOC2. What is a security professional to do? Simple-introduce variability by adding dice!
Gamification isn't a new idea, but applying some principles of gamification to a traditional tabletop exercise can breathe new life into a potentially monotonous activity. This book covers how to build a gamified tabletop exercise from the ground up, and provides example exercises you can build upon for your own needs. Not only will participation improve, but you will have reusable exercises to work with as each walk-through can produce different results, helping to cover multiple outcomes when testing your recovery capabilities.
By providing examples and a methodical approach on how to build gamification into a traditional tabletop, the goal is to provide a new perspective on tabletop exercises that should be more engaging for all participants, and thus more beneficial for everyone involved. Avoid the monotony and start practicing with realistic consequences for decisions with dice rolls!
What You Will Learn
Who This Book Is For
GRC or security professionals who would are responsible for executing a tabletop exercise or otherwise tasked with annual testing of the company disaster recovery/business continuity plans. Even participants who are looking for alternatives to traditional "happy path" tabletops may be interested.
John Svazic is the founder and principal consultant of EliteSec Information Security Consultants, a boutique information security consultancy near Toronto, Ontario, Canada. He has been writing and running gamified tabletops since 2017. He used to run an infosec podcast called Purple Squad Security, in which he had a few episodes running gamified tabletops with hosts from other infosec podcasts. He also had a talk at Tactical Edge 2020 and the True North 2018 where he led live tabletop exercises with volunteers.
John has been in the IT field for over 25 years, with the last 13 years focused on information security. He holds a number of certifications, including CISSP, CISM, OSCP, and others. His goal is to share knowledge and experience, as well as to get a bit more recognition for his efforts. He is not the first to try to gamifying tabletops, but his approach is a lot more approachable than others not in the infosec space.
Chapter 1: Tabletops, Gamification, and Dice.- Chapter 2: Roles, Rules, and Goals.- Chapter 3: Gamified Tabletops - An Overview.- Chapter 4: Building the Exercise.- Chapter 5: Adding Randomness.- Chapter 6: Preparing for the Unknown.- Chapter 7: Running a Gamified Tabletop Exercise.
Dateiformat: PDFKopierschutz: Wasserzeichen-DRM (Digital Rights Management)
Systemvoraussetzungen:
Das Dateiformat PDF zeigt auf jeder Hardware eine Buchseite stets identisch an. Daher ist eine PDF auch für ein komplexes Layout geeignet, wie es bei Lehr- und Fachbüchern verwendet wird (Bilder, Tabellen, Spalten, Fußnoten). Bei kleinen Displays von E-Readern oder Smartphones sind PDF leider eher nervig, weil zu viel Scrollen notwendig ist. Mit Wasserzeichen-DRM wird hier ein „weicher” Kopierschutz verwendet. Daher ist technisch zwar alles möglich – sogar eine unzulässige Weitergabe. Aber an sichtbaren und unsichtbaren Stellen wird der Käufer des E-Books als Wasserzeichen hinterlegt, sodass im Falle eines Missbrauchs die Spur zurückverfolgt werden kann.
Weitere Informationen finden Sie in unserer E-Book Hilfe.
