The Cyber Threat Defender Starter Deck includes 54 cards, which is the minimum number of cards needed to play. Booster packs can be added to this starter deck to encourage more strategic defensive or offensive play. Specific card types may be featured multiple times in the Starter Deck.
You have taken on a contract with popular entertainment outlets to store archives of all kinds of digital media, while still remaining accessible if network demand for that content increases.
Select an Asset – Server that you have in play and attach this card to it. You receive 1 point each round this card is in play.
You have acquired and configured a server to host database applications and facilitate queries and connections to that data.
You receive 1 point each round this card is in play.
You are now regularly making copies of all the data on one of your assets. While it would be convenient to keep these backups in the same place, they are kept off-site to ensure that the data survives.
Attach this to an Asset – Server that you have in play. If this Asset – Server is removed from play, instead of discarding all attached Asset – Data cards as usual, put them back into your hand instead, then discard this Data Backup card.
An attacker has been listening to the wireless transmissions of your opponent. The attacker has collected critical files and login data and can now access your opponent’s systems.
Select a Wireless Network card that your opponent has in play. Your opponent loses two (2) points each round for two (2) rounds. Remove this card from play after two rounds.
Your opponent has downloaded a game which is actually a Trojan Horse, a type of malicious software (malware). While the game is played, the program is also sending copies of files to an attacker.
Select an opponent. That opponent loses one (1) point per round until this card is countered.
Your opponent responded to an email asking for their security/login information. The attacker can now access your opponent’s account and system.
Select an opponent. That opponent loses two (2) points each round for two (2) rounds. Remove this card from play after two rounds.
Your opponent picked a bad or weak password. An attacker was able to guess the password and has accessed their accounts and system.
Select an opponent. That opponent loses one (1) point each round for two (2) rounds. Remove this card from play after two rounds.
Your opponent is hit by the “I Love You” email virus. It appeared to be an email from a friend with the subject “I Love You” but contained an attachment that destroyed system files when opened.
Select an opponent. That opponent loses one (1) point per round until this card is countered and removed from play.
An attacker has launched a Denial of Service (DoS) attack against your opponent’s systems. One system is now not functioning and no work can be accomplished on it.
Select an Asset – System card that your opponent has in play. That Asset – System cannot generate any points for one (1) round. Remove this card from play after one (1) round.
One of your opponent’s assets has been producing too much heat. Without proper cooling or shielding, excessive heat can cause irreversible damage to electronic circuits and their components.
Select either an Asset – System or an Asset – Server that your opponent has in play. Both the target card and this card are discarded.
Your opponent is struggling to maintain a sustainable budget. It is not uncommon for security budgets to be cut when a business encounters financial difficulties. Unfortunately, this will often affect the security readiness of the company.
Select an opponent. That opponent must discard from play one Asset card of their choice.
A binary search is an algorithm designed to quickly search a sorted data structure by recursively splitting sets of data in half and comparing their values.
Cut your deck into two piles. Draw one card from the top of each pile, then shuffle your deck. If the values of the two cards match, put both into your hand. Otherwise, put the card with the higher value in your hand, and the card with the lower value at the bottom of your deck.
One of your opponent’s data backup processes has not been closely monitored and it has been making corrupted copies for quite some time. All of the data copied from that machine is unusable.
Select a Data Backup card that an opponent has in play. When played, both this card and the target card are discarded.
You attend one of the largest cybersecurity conferences in the world. While there, you meet insightful security professionals, learn about some of the latest technologies, and gather some useful free resources.
Draw three cards and then discard this card.
You attended a security training course to learn about ways you can improve your security.
Select either a Password Cracked or a Phishing card that an opponent has in play. When played, both this card and the target card are discarded.
Your opponent experiences a loss of electrical power. This means that no work can be accomplished.
Select an opponent. That opponent loses their turn and receives no points during that round for any of their Asset cards.
Your opponent chose a very poor wireless encryption key which allowed an attacker to crack or break it, thus gaining the ability to monitor their wireless traffic.
Select an Encryption card that your opponent has in play. Both this card and the target Encryption card are discarded.
The failure of critical computer and network equipment causes your opponent to lose the use of an asset.
Select an Asset – System card that an opponent has in play. Both the target card and this card are discarded.
Your opponent forgot to install a critical security update to their operating system (OS). Their system is now vulnerable to attack.
Select an opponent. If they do not have an OS Update/Patch card in play, choose at random one (1) card from their hand to discard. Otherwise, if they have an OS Update/Patch card in play, remove that card from play. This card is removed from play after use.
Your opponent has forgotten to update their firewall rules, which will allow attackers to penetrate it using newer exploits.
Select a Firewall card that an opponent has in play and discard that card. Your opponent loses two (2) points this round. Remove this card from play after one (1) round.
You received an increase to your security budget and purchased newer and more powerful equipment.
Attach this card to an Asset – System card that you have in play. While the attached Asset – System is in play, it generates one (1) additional point each round.
Your opponent did not update their virus and malware signature database. This means they are vulnerable to recent virus and malware attacks.
Select one (1) Anti-Malware/Virus card that your opponent has in play. Both this card and the target card are discarded.
With the rise of data breaches and identity theft, you implement a policy that outlines how to discard objects that may contain confidential information.
This card prevents any loss of points from all Attack – Data Breach cards that target your discard pile.
Many vulnerabilities in computer systems come from programming errors found in software. You have implemented training and code review policies that significantly improved your software security.
This card prevents all Attack – Code Exploit cards from affecting you.
Networks and devices will eventually fail. In fact, the expectation is so high that it is measured as the Mean Time To Failure (MTTF). Redundant systems are used as substitutes for critical systems when they fail or take over their responsibilities.
When one of your Assets would be removed from play, you may instead choose to remove this Redundant System card from play.
You become involved in sharing cyber threat information, which improves global network security and undermines potential threats by enabling participants to better identify vulnerabilities, prepare for attacks, and recover from incidents.
While this card is in play, each Attack – Hack card affecting you has a total value of -1 point per round instead of its normal value.
You create a honeypot which is intended to detect unauthorized activity on your network. This closely monitored data appears to contain vulnerable, valuable and useful information, but it is designed as bait for network intrusion detection.
Attach this to an Asset – Server that you have in play. If this Asset – Server is the target of an Attack – Data Breach, you may choose to prevent that attack; if so, discard this Honeypot card.
You install and setup a network-based firewall. This firewall uses a simple set of rules to allow or deny connections between your local network and the internet. This will help to prevent unauthorized access to your systems.
This card will prevent or counter the Spoofing/Hacking attack card. Remove from play any “Firewall Rules Not Updated” cards affecting you when this card is put into play.
You have received a notification that there is a critical update to your operation system (OS). It patches a security vulnerability that would allow attackers to take over your computer.
This card will prevent one (1) “Forgot to Patch OS” event card, but this card must be in play before the Forgot to Patch OS event card is in play. You may only have one of this card in play.
You activate encryption on your wireless device. This scrambles the signal so that attackers can’t listen to your wireless traffic.
Select a Wireless Network card that you have in play and attach this card to it. That Wireless Network is now encrypted. While encrypted, it cannot be the target of Wireless Sniffing cards. Remove from play any Wireless Sniffing cards that affect the encrypted Wireless Network.
You recently acquired a backup generator to keep your systems functioning in case of an electrical failure. Once this detects a loss of electricity, the generator immediately begins providing power until the electrical failure is fixed.
You may prevent one (1) Power Outage from affecting you. If you choose to do so, put this card at the bottom of your draw pile. You may only have one of this card in play.
You install or update anti-malware and anti-virus software on your computer systems. This prevents known viruses and other malicious software (malware), but needs to be updated periodically.
This card removes all Attack – Malware cards targeting you and remains in play. While this card is in play, you cannot be the target of Attack – Malware cards. You may only have one of this card in play.
This wireless router allows laptop computers and other wireless systems to be connected to the Internet through an Internet Service Provider (ISP).
This card allows unlimited Wireless type cards to be put into play.
A typical laptop computer that can be used to connect to the Internet via a Wireless Router.
You must have a Wireless Network type card in play before playing this card. You receive 1 point each round this card is in play.
Establishes a connection to the Internet through an Internet Service Provider (ISP).
This card allows you to put 2 Desktop or Server cards into play. You cannot gain points unless you have at least 1 ISP Connection in play.
A typical desktop computer that can be used to connect to the internet through an Internet Service Provider (ISP).
You receive 1 point each round this card is in play.
The CIAS was established at UTSA in June of 2001 as part of UTSA’s creation of a cybersecurity program. The CIAS delivers quality research, training, K-12 education, and competition and exercise programs to advance organizational and community cybersecurity capabilities and collaboration.
