2nd Edition

Tracking the trends and news for IT and IT Security

Paul

5 Things SecOps Can Learn from Dungeons & Dragons

5 Things SecOps Can Learn from Dungeons & Dragons
Tech Beacon – Rik Ferguson
Anyone who has ever experienced a SOC 2 or ISO 27001 audit might see the parallels between a lengthy framework of rules and their arbiter. Still, D&D is significantly more fun than a cybersecurity audit. In fact, when it comes to security preparedness there are quite a few lessons that security operations (SecOps) teams that are responsible for the security of connected assetsâincluding myriad Internet of Things (IoT) devicesâcan learn from D&D. And they might just have a bit of fun along the way.

Assemble Your Party >From wizards and warriors to clerics and rogues, there are a wide variety of classes in D&Dâeach with its own specializations. The key to an effective adventuring party is to combine them in a way that the strengths of one character can mitigate the weaknesses of another. Building a cybersecurity team is no different. Cybersecurity Is a Campaign Although there are so-called one-shot adventures in D&D, by and large the game is played over the course of multiple sessions as a campaign. It is important to approach cybersecurity the same way. The threat landscape itself is always changing; for many organizations, the rise of IT/OT convergence and IoT devices means their environment is becoming increasingly complex.

Become All-Seeing and All-Knowing D&D adventures tend to be filled with hidden treasures, secret rooms, and elaborate traps that can be sprung if you’re not careful. How can SecOps become more like the all-seeing and all-knowing dungeon master. One solution is effective visibility.

Visibility delivers a real-time map of the entire network, details of every device that connects to it, and contextual insight into communications flows. Plan for Critical Failure In D&D, when players attack, they roll a 20-sided die. Rolling a 20 is a critical hit; rolling a 1 is a critical failure. Unfortunately, in D&D there is little to be done to mitigate a critical failure, but that is not the case for security operations. Planning to fail is one of the most effective ways to build resilience into your cybersecurity preparedness.

Work on Your Modifiers Novel attack techniques, emerging and zero-day vulnerabilities, and the evolution of technological and regulatory landscapes wait for no one. Cybersecurity requires a commitment to lifelong learning.
Link: https://techbeacon.com/devops/5-things-secops-can-learn-dungeons-dragons

Categories:

Tags: