Gamified Tabletop Exercises for Effective Disaster Recovery Testing: Preparing for Disasters with Dice

Svazic, John

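  • Publisher: Apress
  • Publication date: 2025-05-08
  • Price: $1,450
  • VIP price: $1,378 (5% off)
  • Language: English
  • Pages: 132
  • Binding: Quality Paper - also called trade paper
  • ISBN: 9798868812514
  • ISBN-13: 9798868812514
  • Overseas special-order title (must be checked out separately)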

Product Description

Tabletop exercises are a common way to test disaster recovery and business continuity plans, but they can also be some of the most dry and boring meetings any professional can attend. Following a set script with no variation can cause folks to lose interest and question the value of such exercises, even when they are required for compliance frameworks such as SOC2. What is a security professional to do? Simple--introduce variability by adding dice!

Gamification isn't a new idea, but applying some principles of gamification to a traditional tabletop exercise can breathe new life into a potentially monotonous activity. This book covers how to build a gamified tabletop exercise from the ground up, and provides example exercises you can build upon for your own needs. Not only will participation improve, but you will have reusable exercises to work with as each walk-through can produce different results, helping to cover multiple outcomes when testing your recovery capabilities.

By providing examples and a methodical approach on how to build gamification into a traditional tabletop, the goal is to provide a new perspective on tabletop exercises that should be more engaging for all participants, and thus more beneficial for everyone involved. Avoid the monotony and start practicing with realistic consequences for decisions with dice rolls!

What You Will Learn

  • Plan, build, and execute tabletop exercises with participants
  • Understand and explain gamification benefits and how to add it to traditional tabletop exercises
  • Understand why and how to introduce such concepts to a traditional tabletop exercise
  • Get up to speed on the purpose of tabletop exercises as well as how to improve participation and retention of exercise participants
  • Compile tips and tricks to help when encountering unexpected issues during tabletop exercises, from unexpected decisions to difficult participants
  • Know tools and techniques, such as using mind maps, to help plan and build gamified tabletop exercises

Who This Book Is For

GRC or security professionals who are responsible for executing a tabletop exercise or otherwise tasked with annual testing of the company disaster recovery/business continuity plans. Even participants who are looking for alternatives to traditional "happy path" tabletops may be interested.

About the Author

John Svazic is the founder and principal consultant of EliteSec Information Security Consultants, a boutique information security consultancy near Toronto, Ontario, Canada. He has been writing and running gamified tabletops since 2017. He used to run an infosec podcast called Purple Squad Security, in which he had a few episodes running gamified tabletops with hosts from other infosec podcasts. He also gave talks at Tactical Edge 2020 and True North 2018, where he led live tabletop exercises with volunteers.

John has been in the IT field for over 25 years, with the last 13 years focused on information security. He holds a number of certifications, including CISSP, CISM, OSCP, and others. His goal is to share knowledge and experience, as well as to get a bit more recognition for his efforts. He is not the first to try gamifying tabletops, but his approach is a lot more approachable than others not in the infosec space.
