Incident Response Team Game

Welcome to IR training – with a twist: This is an actual game.

The reason is simple: learning works better while you’re having fun. That doesn’t make it less serious, though.

How does the game take place?

The game starts on a given Friday afternoon. Something is up and it’s up to you, your teammates and the other teams to find out what’s wrong and solve it.

There’s a team for each role in the company we’re simulating. One team could be the information security team, another the management team, the privacy team, the user support team or something else. That depends entirely on the specific scenario. But whatever we do, we always play the game with broad roles and try to bring as many different skill sets into the mix as possible. Different people get different ideas. That’s a strength everywhere, and this is no exception.

You’re thrown into the game very bluntly, with very little information to go on. Just like in real life, you will need to gather information, act on it and hope for the best!

We play three rounds in the same scenario. Each round starts at a different point in time with a status report from the Incident Master running the game. After that, each team takes its turn and states what it wants to do (do something or talk to someone). Your team then rolls a die, and depending on your luck and skills you will succeed or not. Simple, right?

An example of an opening status could be:

‘You have received an alarm from Microsoft Dart on your Azure cloud environment. An administrator has logged in; however, that particular administrator is on vacation.’

What do you do?

Your actions depend on your temperament, your risk acceptance level and how many facts you want to know before acting. Do you close the administrator account right away and risk preventing someone from doing their job, or do you collect information before acting and potentially lose valuable time? It’s up to you and your team!

After the game we’ll do a proper debriefing together on how well you did.

Let the games begin!