Awesome Security Card Games – Mastering Cybersecurity Through Play

Security card games help train your skills and enable discussions for various areas of security. Mastering Cybersecurity Through Play,’ your essential guide to the innovative world of security card games.

These games aren’t just entertaining; they’re powerful tools designed to sharpen your skills and foster critical discussions across various domains of security.

From application security to threat modeling, we’ve curated a list of engaging card games that will transform your approach to cybersecurity training and awareness.

Contents

• Application Security
• Cryptography
• Data Privacy
• Incident Response
• Threat Modeling
• Various Resources

Application Security

• Cornucopia – A card game based on OWASP’s Top 10 (authentication, data Validation etc.). The card deck is available as PDF from OWASP.

Cryptography

• Crypto Go – An educational card game designed to teach up to date symmetric cryptography. Crypto Go deck consists of cards representing modern cryptographic tools.

Data Privacy

• Know your risks – Learn what information is safe to share online and understand the risks. Learn about whether to share, not share or be cautious with different pieces of information.

Incident Response

• Backdoors & Breaches – An incident response card game. It helps you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.
• Defensomania – An incident response card game for security monitoring and incident response teams to discuss priorities, possible response actions and attack scenarios.

Threat Modeling

• Elevation of Privilege (EOP) by Microsoft – A card game based on Microsoft’s threat modeling framework “STRIDE” (Spoofing, Tampering etc.). The card deck is available as PDF from Microsoft. Adam Shostack, the author of EoP has also a git repo for EoP.
• Security Cards – A card game encouraging to think broadly and creatively about computer security threats. Four dimensions are covered: Human Impact, Adversary’s Motivations, Adversary’s Resources, Adversary’s Methods.
• Cumulus – A threat modeling card game for the clouds which helps you find threats to your DevOps or cloud project and teaches developers a security oriented mindset.

Various Resources

• Tabletop Security Games & Cards – List of security card games created and maintained by Adam Shostack.
• Tabletop Simulations to Improve Your Information Security Program – Red Canary’s write-up about tabletop exercises for information security programs.
• Game On: Tabletop Games to Teach Cyber and Information Security Concepts – List of tabletop games to teach cyber and information security concepts.