Technical Stream
Cyber safety management games scenario

Abstract:

Practical training designed to teach middle-level managers to make business decisions that take into consideration cyber-safety requirements based not only on corporate policies but on a deep understanding of cybercriminal behavior patterns, social engineering techniques and common sense.

Your task: To develop a scenario and content for this type of training for one of the following industries:

  • FMCG
  • Banking
  • Industrial (plant or power station)

The scenario should be based on existing software engine features (details of the engine and access to it are provided upon request, together with the relevant training). The proposals may be used for real product development.

1. Story Requirements

What is your story about? Create a story based on how people may typically work in the chosen industry. Create a workplace map and the tasks people need to perform, each of which can be carried out in either a safe or an unsafe manner. Explain how criminals can exploit the wrong decisions by a manager. The following is an example of what the logic may look like:

[Image: Story Requirements]
Materials and details

Place the workplace situations on the maps (10-12 situations per map). The resulting map should look like this: download the full size map to view.

[Image: workplace situations]

For each situation (zone of the map) you should suggest:

  1. The teaching content for the zone:
    • Slides before the zone
    • Slides after the zone
    • Slides with the conclusion we want to drive home to the students
    • Exercises that will help the students find the best solution to a situation.
  2. The game balance, both for each zone and for the whole map: how risky it is, and how much it influences the efficiency of each person and the task/work process of the map as a whole.
  3. The content for the map: picture and character text that explains the situation in the clearest possible way.
  4. A story: what is the dramatic contradiction between efficiency and safety in the tasks the employee should solve with the help of the manager (the player)? What is the cyber risk in the situation? What kind of hackers usually use this type of vulnerability in software and/or human behavior? What might the consequences be if the employee makes the wrong decision? How can these consequences be predicted and prevented? How does this situation fit into the wider context of the whole map?

2. Task Delivery Format

The format should comply with the Cyber Safety Management Games engine requirements. To understand how the training works, please watch the related Prezi. A sample map and access to the CSMG platform with a sample scenario are provided upon request. The following materials are provided:

  1. Map – AI file + png/pdf preview or sketches
  2. In-game slides – pptx file. The zone and the slide type (before the zone, after the zone, conclusion, exercises) should be marked in the comments to the slides.
  3. Working scenario for CSMG engine:
    • Recommended sequence of zones
    • Balanced game mechanics covered by CSMG engine features or requiring slight modifications
    • Map and in-game slides uploaded
    • Explanations and comments for the trainer

Intermediate approval and support will be provided by the Kaspersky Lab Team.

3. Requirements for CSMG Scenario

CSMG is not a basic cyber safety skills drill; it aims to show the participants just how important cyber security is for their jobs and provides the participants with a foundation level of knowledge on actual cyber threats within a scenario-based approach.

The scenario should contain:

  1. A single story per map – either a project or a story of daily routine operations;
  2. A number of characters with a description of each – names, stories and their relation to CS issues;
  3. List of cyber threats viewed in terms of basic cyber security domains:
    • Antivirus/application usage
    • Data leak
    • Mobile security
    • Web
    • Email
    • Victim behavior
    • Social engineering
    • Security alerts
    • Vigilance skills
    • Policy breach
  4. List of criminals with an explanation of their motives and descriptions of the most typical behavior and victim profile
  5. List of vulnerabilities in the software and victim behavior that the criminals can exploit
  6. The mitigation strategies described
  7. Exercises to be completed that will help the students work out the correct strategy for each case described in the map
  8. Estimated training length – 2-3 hours per map.

The testing of a scenario will be performed at an additional competition stage after evaluating the descriptions provided and receiving intermediate approval.

4. Evaluation criteria

The scenario will be evaluated based on the following criteria:

  1. The quality of the story: how close the story is to real life and how typical the situations described are;
  2. Quality of teaching moments: whether or not the participants of this training course will be persuaded by the exercises and the threat descriptions;
  3. Game balance: whether the suggested game mechanics will maintain interest in the topics covered within the training course.

5. Supplementary materials

  1. Example of existing game and all related materials;
  2. 2-hour Webex training with explanations;
  3. Access to the CSMG scenario editor.