|
Network Security: Defend and Protect |
|
|
| Instructional Objective | Learners & Context | Object of Game | Game Materials | | Time Required | Rules | Design Process | References | Network Security: Defend and Protect will help learners: §
Understand network security technologies and processes. §
Make proactive decisions about network security that address
business and regulatory requirements. §
Respond appropriately to unanticipated security situations that
impact business and network operations. This game is designed
for information technology professionals who are new to the network security
field. Network security is a
growth area in information technology. Although some network security
professionals may have a background in traditional security, the majority of
professionals have a technical background. It is expected that most learners
will have two to five years of experience in network engineering or system
administration. This game can, and should, be used in conjunction with training from security product vendors. The object of the game is to build secure financial service businesses and acquire servers and datacenters. The player with the most assets and cash wins. The game consists of the following equipment:
To set up the game: 1.
Place the game board on a table. 2.
Set the 3.
Choose a token to represent each player on the game board. A typical four-player
game will take about 90 minutes to play. The rules of the game
are similar to those for the traditional Monopoly game. §
One person is designated as the banker. The banker also holds the
Line of Business cards. Each player is given $1,500 at the beginning of the
game. §
Each player throws the dice, and moves their token in the direction
of the arrow by the number of spaces indicated on the dice. §
Depending on the space the token reaches, a player may: -
Buy a line of business, -
Pay a fee, or -
Draw a Good News or Bad News card §
If a player lands on a line of business owned by another player,
he/she must pay a fee. Businesses that are “improved” with servers or
datacenters command a higher fee. §
Each time a player passes GO, the banker will pay them $2,000. The initial design goal
of Network Security: Defend and Protect was to present network security in a
holistic framework that included technology, processes, business, and
liability. One reason network security is problematic in an organization is
because responsibility is distributed in functional silos … think of the poem about the six
blind men and the elephant: So
begins the famous poem about six blind men encountering an elephant for the
first time. Each man, seizing upon a single feature of the animal he first
touches, (and not seeing the elephant as a whole), loudly maintains a limited
perspective on the nature of the beast. Variously described as a wall, a
spear, a snake, a tree, a fan or a rope -- depending on whether the blind men
had first grasped the creature's side, tusk, trunk, knee, ear or tail. In addition to
addressing this fundamental problem, I wanted a design that engaged the
learner, without being dogmatic. I decided to use the interface of the
popular, Monopoly game, which had developed in the public
domain before it was commercialized. Because the game was in the
public domain, I was able to borrow the design and playing conventions
without infringing on trademarks or copyrights. The decision to use the
Monopoly interface had two key benefits: §
It shorted design time, and §
It gave the learner a proven and familiar interface Initially, I thought
the title cards would be used to represent security products and processes.
After giving this some thought, it became apparent that using this approach
exclusively would be too technology-centric. Therefore, I modified
my design and decided to use the majority of title cards as lines of
business. After some initial research, I chose the financial services segment
since it has several, mission-critical lines of business that require an
assortment of network security solutions. Banks, brokerages, credit cards,
and even Web services can be referenced as lines of business on the game
board. And, since financial services are a heavily regulated industry, there
are plenty of topics to use in the Good News/Bad News cards. The next step was
presenting a rough prototype of the game concept to potential players. I made
a mock-up of some line-of-business cards and Threat and Other feedback from the
prototype included a request to add more complexity by giving players the
ability to damage the assets of other players. This could make the game
engaging for more competitive players, but it did not support the objectives
or advance the learning potential of the game. Therefore, I did not
incorporate this feedback into the design. Lessons
Learned All in all, I was
satisfied with the final product as version 1. However, the complexity of the
topic combined with a fixed interface was challenging. Using the Monopoly
interface limited modifications that may have better accommodated the
content. For example, I would have added more opportunities for players to
draw Good News/Bad News cards. There was also a higher
luck factor than I intended. My initial plan to make decision-making about
network security have a stronger impact on the game outcome. Both of these
issues are things to think about in version 2 … The following Web references were used to develop the design of the game:
|
Return to the Board Game Table of Contents.
Last updated October 2004