Network Security: Defend and Protect
Network Security: Defend and Protect will help learners:
§ Understand network security technologies and processes.
§ Make proactive decisions about network security that address business and regulatory requirements.
§ Respond appropriately to unanticipated security situations that impact business and network operations.
This game is designed for information technology professionals who are new to the network security field.
Network security is a growth area in information technology. Although some network security professionals may have a background in traditional security, the majority of professionals have a technical background. It is expected that most learners will have two to five years of experience in network engineering or system administration.
This game can, and should, be used in conjunction with training from security product vendors.
The object of the game is to build secure financial service businesses and acquire servers and datacenters. The player with the most assets and cash wins.
The game consists of the following equipment:
To set up the game:
1. Place the game board on a table.
3. Choose a token to represent each player on the game board.
A typical four-player game will take about 90 minutes to play.
The rules of the game are similar to those for the traditional Monopoly game.
§ One person is designated as the banker. The banker also holds the Line of Business cards. Each player is given $1,500 at the beginning of the game.
§ Each player throws the dice, and moves their token in the direction of the arrow by the number of spaces indicated on the dice.
§ Depending on the space the token reaches, a player may:
- Buy a line of business,
- Pay a fee, or
- Draw a Good News or Bad News card
§ If a player lands on a line of business owned by another player, he/she must pay a fee. Businesses that are “improved” with servers or datacenters command a higher fee.
§ Each time a player passes GO, the banker will pay them $2,000.
The initial design goal of Network Security: Defend and Protect was to present network security in a holistic framework that included technology, processes, business, and liability. One reason network security is problematic in an organization is because responsibility is distributed in functional silos … think of the poem about the six blind men and the elephant:
So begins the famous poem about six blind men encountering an elephant for the first time. Each man, seizing upon a single feature of the animal he first touches, (and not seeing the elephant as a whole), loudly maintains a limited perspective on the nature of the beast. Variously described as a wall, a spear, a snake, a tree, a fan or a rope -- depending on whether the blind men had first grasped the creature's side, tusk, trunk, knee, ear or tail.
In addition to addressing this fundamental problem, I wanted a design that engaged the learner, without being dogmatic. I decided to use the interface of the popular, Monopoly game, which had developed in the public domain before it was commercialized. Because the game was in the public domain, I was able to borrow the design and playing conventions without infringing on trademarks or copyrights.
The decision to use the Monopoly interface had two key benefits:
§ It shorted design time, and
§ It gave the learner a proven and familiar interface
Initially, I thought the title cards would be used to represent security products and processes. After giving this some thought, it became apparent that using this approach exclusively would be too technology-centric.
Therefore, I modified my design and decided to use the majority of title cards as lines of business. After some initial research, I chose the financial services segment since it has several, mission-critical lines of business that require an assortment of network security solutions. Banks, brokerages, credit cards, and even Web services can be referenced as lines of business on the game board. And, since financial services are a heavily regulated industry, there are plenty of topics to use in the Good News/Bad News cards.
The next step was
presenting a rough prototype of the game concept to potential players. I made
a mock-up of some line-of-business cards and Threat and
Other feedback from the prototype included a request to add more complexity by giving players the ability to damage the assets of other players. This could make the game engaging for more competitive players, but it did not support the objectives or advance the learning potential of the game. Therefore, I did not incorporate this feedback into the design.
All in all, I was satisfied with the final product as version 1. However, the complexity of the topic combined with a fixed interface was challenging. Using the Monopoly interface limited modifications that may have better accommodated the content. For example, I would have added more opportunities for players to draw Good News/Bad News cards.
There was also a higher luck factor than I intended. My initial plan to make decision-making about network security have a stronger impact on the game outcome. Both of these issues are things to think about in version 2 …
The following Web references were used to develop the design of the game:
Return to the Board Game Table of Contents.
Last updated October 2004