People are the lynchpin to the success – or defeat – of a computer network. Use the Personnel Booster Pack to build assets by recruiting Penetration Testers and CISOs to strengthen your defenses or seek out weaknesses in an opponent’s defenses by playing a “Rogue Employee” or “Hacktivist” attack card. The Personnel Booster Pack is available in English and Spanish.
The security systems administrator is in charge of system monitoring, running regular backups, and setting up, deleting and maintaining individual user accounts.
Prevents Attack – Hack, Data Breach and Phishing type cards from being played. Discard this card after 3 rounds.
Security Managers create and execute security strategies based on the input from the Security Director and/or the CISO. They must also test and implement new security tools, lead security awareness campaigns and administer both budgets and staff schedules.
Before your draw phase, you may choose to put 1 card from your hand at the bottom of your deck and then draw 1 card.
You hold a recruitment drive in an attempt to bring in new personnel to your workforce.
Discard 1 card from your hand then draw 3 cards. Remove this card at the end of the round.
Penetration testers are authorized personnel tasked with breaking into and finding vulnerabilities in computers and networks before outside intruders can cause harm.
Search your deck for a Defense card that removes an Attack card your opponent has in play. Show your opponent the drawn card, then put that card into your hand and shuffle the deck. Discard this card after shuffling.
IT Security Engineers provide a specialized engineering approach to cybersecurity, often involved in systems maintenance and performing security checks.
You gain 1 point at the end of the round for each Attack card in your opponent’s discard pile, to a max of 3 points. Discard this card at the end of the round.
IT Security Consultants advise organizations how to best protect their cybersecurity objectives in a cost-effective manner.
When played, draw 1 card and show your opponent that card. If it’s a Defense card, draw another card. Otherwise, you gain 1 point at the end of the round. Discard this card at the end of the round.
An Information Security Analyst (ISA) is responsible for the protection of several computer systems and networks.
Choose one:
At the start of each round, select one of your Defense cards in play. It cannot be discarded this round by any opponent while this card is in play.
OR
Select an Asset card from your discard pile that is not a Personnel type and shuffle it into your deck. Discard this card at the end of the round.
Your opponent has been targeted with a coordinated campaign from a nefarious group who is opposed to their political views.
Select an opponent. That opponent must discard 1 card from the top of their deck. While in play, that opponent loses 2 points per round. Discard this card after 2 rounds.
One of your opponent’s staff has not kept up their certifications for their field and must be let go.
Choose an opponent and select 1 Personnel card that they have in play. Discard this card and the selected card immediately. If no Personnel card is in play, your opponent must reveal their hand and they must choose a Personnel card from their hand to discard if possible. Discard this card at the end of the round.
A Chief Information Security Officer (CISO) is responsible for planning, coordinating and directing all computer, network and data security needs of their employer.
Each Personnel card that you have in play, excluding Attack – Personnel, generates 1 point at the end of the round while this card is in play. Discard this card after 2 rounds. You may only have one “CISO” card in play at a time.
A Computer Emergency Response Team (CERT) is engaged to respond to security breaches, viruses and other potentially catastrophic incidents impacting your network.
Play up to two Defense cards from your hand as Events in response to an Attack played against you. At the end of the round, you lose 1 point for each Defense card played in this way. Discard this card at the end of the round.
A disgruntled employee that works for your opponent intentionally allowed a major data breach to occur. The employee has been caught and fired.
Remove a Personnel card, excluding Attack – Personnel, that an opponent has in play. If that opponent has no Personnel in play, excluding Attack – Personnel, remove one of their Defense cards instead. That opponent loses 2 points at the end of the round. Discard this card at the end of the round.
The CIAS was established at UTSA in June of 2001 as part of UTSA’s creation of a cybersecurity program. The CIAS delivers quality research, training, K-12 education, and competition and exercise programs to advance organizational and community cybersecurity capabilities and collaboration.