Close this search box.

CTD Card Game

ISAO Booster

The Information Sharing and Analysis Organization (ISAO) Standards Organization’s mission is to improve the nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.

With a focus on how information sharing can positively effect an organization’s cybersecurity posture, the ISAO Standards Organization Booster Pack contains cards that show how organization’s engaged in voluntarily sharing information related to cybersecurity risk and incidents can help prevent and mitigate cyber incidents. Within the ISAO SO Booster Pack is the rare “ISAO Membership” card and uncommon “Attend Security Conference” card to help build up your assets.

Released February 2016

Discontinued December 2018


An attacker has used an undocumented security vulnerability, or zero-day exploit, to gain access to your opponent’s network through their affected server. Investigation of this issue has only just begun. No official solutions or patches yet exist to defend against this exploit.

Select an Asset – Server that an opponent has in play. That player loses 5 points this round. Discard this card at the end of the round.

Reports of server unresponsiveness and failures have forced your opponent to take one of their servers offline for maintenance.

Select an Asset – Server that an opponent has in play. That Asset – Server and all cards attached to it do not generate any points this round.

Planning is an essential component of any cybersecurity effort. Anticipating what might occur and preparing an appropriate response will increase your success rate against potential threats.

You may look at the top four cards in your deck and re-arrange them in any order, then discard this card.

Your opponent’s data has been audited, and it appears that some personal information is not being properly removed from the data before being shared. This privacy violation has caused damage to their reputation and may lead to litigation.

Select an Asset – Data card that your opponent has in play. That card now has a value of -3 for this round. Discard Privacy Violation at the end of this round.

You just became a member of an Information Sharing and Analysis Organization (ISAO), which analyzes and shares information related to cybersecurity risks and incidents, enhancing your situational awareness and ability to respond to cyber threats.

While this card is in play, whenever an Attack card is put into play by an opponent, you may immediately put a Defense card from your hand into play.

You identified gaps in your cyber defense plans, making notes of all active attacks on your network, and logged this information so that you can update your cyber incident response plan. Updates to this incident response plan can improve your cybersecurity.

You gain 1 point for each attack that is affecting you this round. Remove this card from play at the end of this round.

You have acquired and configured a server to host database applications and facilitate queries and connections to that data.

You receive 1 point each round this card is in play.

A malicious attacker has gained access to one of your opponent’s machines and destroyed all of the data files stored on that device.

Select an Asset – Server that an opponent has in play. All Asset – Data cards currently attached to that opponent’s Asset – Server are removed from play. Remove Data Destruction from play after use.

Your opponent is struggling to maintain a sustainable budget. It is not uncommon for security budgets to be cut when a business encounters financial difficulties. Unfortunately, this will often affect the security readiness of the company.

Select an opponent. That opponent must discard from play one Asset card of their choice.

You attend one of the largest cybersecurity conferences in the world. While there, you meet insightful security professionals, learn about some of the latest technologies, and gather some useful free resources.

Draw three cards and then discard this card.

You become involved in sharing cyber threat information, which improves global network security and undermines potential threats by enabling participants to better identify vulnerabilities, prepare for attacks, and recover from incidents.

While this card is in play, each Attack – Hack card affecting you has a total value of -1 point per round instead of its normal value.

You create a honeypot which is intended to detect unauthorized activity on your network. This closely monitored data appears to contain vulnerable, valuable and useful information, but it is designed as bait for network intrusion detection.

Attach this to an Asset – Server that you have in play. If this Asset – Server is the target of an Attack – Data Breach, you may choose to prevent that attack; if so, discard this Honeypot card.