Playing Information Security

Conducting an awareness training or explaining complex information security concepts can be simplified and made fun through gamification. It is possible to learn more about information security simply by playing card games. Please see below for the three games you can download for free, print and start playing today.

1. Playing with application vulnerabilities

cards

OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic.

Download for free

2. Playing with threat modelling
EoP_game_screen_shot
Elevation of Privilege (EoP) is the easy way to get started threat modelling, which is a core component of the design phase in the Microsoft Security Development Lifecycle (SDL).

The EoP card game helps clarify the details of threat modelling and examines possible threats to software and computer systems.
The EoP game focuses on the following threats:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

An academic-style paper explains the rules motivation and lessons learned in creating the game

Download for free

3. Playing with privacy
privacy-card-back3-copy-1

The VOME project created a card game to support the discussion and teaching of issues of online privacy and consent. Players make decisions about what information characters might reveal to others and what they keep to themselves.

According to the authors, the main idea behind the game is to use the rules to model the way that information flows around the online environment. In real life, these flows are complex and often hidden. In the game it is possible simplify the relationships and decisions, and provide immediate feedback on the effects of those decisions

Download for free