Dungeons and Disaster Recovery: Tabletop Exercises for IT Training
Hacker Noon – James Bore
While the reality may be less full of evil gremlin-summoning cybercriminals and magic-wielding security teams, there’s a strong overlap in the goals of a good scenario and a good role playing campaign. These exercises also have a long and noble history outside of modern IT and cyber security uses, going back at least two hundred years to Reisswitz’s “Kriegsspiel” in 1824, developed by him and his father and described by General Karl von Mueffling as “not a game at all. It’s training for war.” The idea of using tabletop scenarios as a place to test or stress-test plans and prepare for disasters, to build up tolerances for stress and panic in those involved (run well they are intense experiences), and to provide a place to get things wrong safely is spreading.
The Different Types of Tabletop Exercises
There’s a whole slew of options when you’re running a tabletop exercise, depending on what you want out of it. As a marketing and awareness exercise for a particular threat or event, a highly structured format involving detailed inputs and limited (or even no) choices, almost a replay of real events, can be highly effective – less engaging, but scalable at low effort in a way more involved scenarios are not. At the other end of the spectrum we end up with much more open scenarios, almost completely unscripted and requiring a skilled moderator to run, responding in real time to participants’ decisions and creating new injects on the fly.
As a general rule the more scripted the tabletop exercise the easier it is to run at scale, the more effort it takes for the initial creation, and the less knowledge it requires from a moderator to run. The less scripted the session, the harder to run at scale (possible, but requires more resources and effort), and the more knowledge and expertise required of the moderator. The ideal here is someone with experience of the sort of incident being simulated, along with experience of running game sessions (yes, I do put thirty years of running tabletop RPG sessions on my CV when I’m pitching these exercises). What unscripted sessions do provide is the chance to test specific plans, or even build them based on actions and choices during the exercise.
How Do You Run a Tabletop Exercise?
I’d love to say the best way to run one is to engage a professional (and it is true, if you have budget and can find a professional then you should). However, if you’re just looking to test out the idea, or looking for a new take for family game night, then you can easily run a tabletop session yourself with limited effort.
Link: https://hackernoon.com/dungeons-and-disaster-recovery-tabletop-exercises-for-it-training