You are a lone IT Security Expert on the noble quest of defending your company against evil hackers. On the line is a lot of overtime, the wrath of your colleagues, and an unpleasant talk with management. So be prepared to prove your knowledge.
The player with the most knowledge is assigned the role of the hacker. He shuffles the deck, sorts the cards face down by color, and draws a card from every stack (Initial Access, Privilege Escalation, Persistence, Lateral Movement & C2 & Exfiltration, Impact) other than the black Eventcards. The hacker then creates an incident situation based on the Attackcards and relates as much as possible to his work environment. The hacker will reveal the scenario of the first card, and the IT Security Experts have time to write down a way to prevent and detect this kind of attack. When everyone is finished, every IT Security Expert rolls a die; if the number is a 1 or 2 (this can change with Eventcards), the attack was successfully prevented. Otherwise, the player has a second chance to do the same with the detection method. If the attack was successfully prevented or detected, the player gets a Defenderpoint. After every Attackcard, the hacker must draw an Eventcard and give it to one of the IT Security Experts. This continues until all Attackcards are processed, and the attack is completed. The IT Security Expert with the most Defenderpoints is the winner and has successfully prevented the hacker’s attack. After the Game, all participants should work together to determine if the played infiltration would be possible in their infrastructure and what could be done to prevent it.