CTD Card Game

ISAO Booster

The Information Sharing and Analysis Organization (ISAO) Standards Organization’s mission is to improve the nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.

With a focus on how information sharing can positively effect an organization’s cybersecurity posture, the ISAO Standards Organization Booster Pack contains cards that show how organization’s engaged in voluntarily sharing information related to cybersecurity risk and incidents can help prevent and mitigate cyber incidents. Within the ISAO SO Booster Pack is the rare “ISAO Membership” card and uncommon “Attend Security Conference” card to help build up your assets.

Released February 2016

Discontinued December 2018

Zero-Day Exploit card
Unscheduled Maintenance card
Strategic Planning card
Privacy Violation card
ISAO Membership card
Threat Analysis card
Database Server card
Data Destruction card
Attend Security Conference card
Information Sharing card
Honeypot card
Zero-Day Exploit card

Zero-Day Exploit

An attacker has used an undocumented security vulnerability, or zero-day exploit, to gain access to your opponent’s network through their affected server. Investigation of this issue has only just begun. No official solutions or patches yet exist to defend against this exploit.

Select an Asset – Server that an opponent has in play. That player loses 5 points this round. Discard this card at the end of the round.

Unscheduled Maintenance card

Unscheduled Maintenance

Reports of server unresponsiveness and failures have forced your opponent to take one of their servers offline for maintenance.

Select an Asset – Server that an opponent has in play. That Asset – Server and all cards attached to it do not generate any points this round.

Strategic Planning card

Strategic Planning

Planning is an essential component of any cybersecurity effort. Anticipating what might occur and preparing an appropriate response will increase your success rate against potential threats.

You may look at the top four cards in your deck and re-arrange them in any order, then discard this card.

Privacy Violation card

Privacy Violation

Your opponent’s data has been audited, and it appears that some personal information is not being properly removed from the data before being shared. This privacy violation has caused damage to their reputation and may lead to litigation.

Select an Asset – Data card that your opponent has in play. That card now has a value of -3 for this round. Discard Privacy Violation at the end of this round.

ISAO Membership card

ISAO Membership

You just became a member of an Information Sharing and Analysis Organization (ISAO), which analyzes and shares information related to cybersecurity risks and incidents, enhancing your situational awareness and ability to respond to cyber threats.

While this card is in play, whenever an Attack card is put into play by an opponent, you may immediately put a Defense card from your hand into play.

Threat Analysis card

Threat Analysis

You identified gaps in your cyber defense plans, making notes of all active attacks on your network, and logged this information so that you can update your cyber incident response plan. Updates to this incident response plan can improve your cybersecurity.

You gain 1 point for each attack that is affecting you this round. Remove this card from play at the end of this round.

Database Server card

Database Server

You have acquired and configured a server to host database applications and facilitate queries and connections to that data.

You receive 1 point each round this card is in play.

Data Destruction card

Data Destruction

A malicious attacker has gained access to one of your opponent’s machines and destroyed all of the data files stored on that device.

Select an Asset – Server that an opponent has in play. All Asset – Data cards currently attached to that opponent’s Asset – Server are removed from play. Remove Data Destruction from play after use.

Budget Cuts

Your opponent is struggling to maintain a sustainable budget. It is not uncommon for security budgets to be cut when a business encounters financial difficulties. Unfortunately, this will often affect the security readiness of the company.

Select an opponent. That opponent must discard from play one Asset card of their choice.

Attend Security Conference card

Attend Security Conference

You attend one of the largest cybersecurity conferences in the world. While there, you meet insightful security professionals, learn about some of the latest technologies, and gather some useful free resources.

Draw three cards and then discard this card.

Information Sharing card

Information Sharing

You become involved in sharing cyber threat information, which improves global network security and undermines potential threats by enabling participants to better identify vulnerabilities, prepare for attacks, and recover from incidents.

While this card is in play, each Attack – Hack card affecting you has a total value of -1 point per round instead of its normal value.

Honeypot card

Honeypot

You create a honeypot which is intended to detect unauthorized activity on your network. This closely monitored data appears to contain vulnerable, valuable and useful information, but it is designed as bait for network intrusion detection.

Attach this to an Asset – Server that you have in play. If this Asset – Server is the target of an Attack – Data Breach, you may choose to prevent that attack; if so, discard this Honeypot card.

Get Updates And Stay Connected Subscribe To Our Newsletter

Subscribe

The CIAS was established at UTSA in June of 2001 as part of UTSA’s creation of a cybersecurity program. The CIAS delivers quality research, training, K-12 education, and competition and exercise programs to advance organizational and community cybersecurity capabilities and collaboration.

Contact

Facebook Youtube Linkedin
© 2024 The Center for Infrastructure Assurance and Security. This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License

CIAS in the news

arrow