Full Report
Join our Incident Master Ean Meyer as we play another Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP […] The post Backdoors & Breaches LIVE – 5/19/2021 appeared first on Black Hills Information Security, Inc.
Analysis Summary
# Best Practices: Tabletop Security Incident Simulation and Training
## Overview
These practices focus on leveraging security tabletop exercises, specifically using the "Backdoors & Breaches" (B&B) game methodology, as a practical means for teams to train defensive (Blue Team) and offensive (Incident Response) skills. The core goal is to improve coordination, decision-making, and understanding of attack vectors in a simulated, low-stakes environment.
## Key Recommendations
### Immediate Actions
1. **Acquire Training Tools:** Ensure necessary software licenses and platforms are available for simulation (e.g., Steam, Tabletop Simulator - TTS).
2. **Obtain the Exercise Material:** Secure the "Backdoors & Breaches" game components, specifically the version compatible with the chosen simulation platform (e.g., the B&B Workshop content on Steam).
3. **Review Setup Documentation:** Immediately consult the provided guide for installing and utilizing the B&B game within Tabletop Simulator to enable rapid initial deployment.
### Short-term Improvements (1-3 months)
1. **Establish Core Roles:** Clearly define and assign roles for simulation exercises, such as Incident Master, Defenders (Blue Team members), and Game Play Master, to ensure structured facilitation.
2. **Conduct Initial Game Sessions:** Schedule and execute several rounds of the Backdoors & Breaches exercise to familiarize participants with the mechanics, common attack patterns, and defensive responses.
3. **Integrate Incident Master Feedback:** The Incident Master must actively guide the simulation, providing context and immediate feedback during gameplay to maximize learning utility.
### Long-term Strategy (3+ months)
1. **Establish Continuous Training Cycles:** Integrate B&B sessions or similar tabletop exercises into a regular, recurring security training schedule (e.g., quarterly or monthly).
2. **Evolve Scenarios:** Progress beyond base scenarios to incorporate organization-specific threat models or recently observed attack techniques to maintain high relevance.
3. **Cross-Functional Participation:** Systematically include leadership, technical teams, and non-technical stakeholders (where appropriate) in the simulations to improve organization-wide incident readiness.
## Implementation Guidance
### For Small Organizations
- **Focus on Core Play:** Start by playing the game with a minimal team structure (e.g., one Incident Master, two Defenders) to quickly grasp critical interaction points.
- **Utilize Available Resources:** Leverage free training materials and community discussions (where available) to supplement understanding without large upfront investment in specialized platforms beyond Tabletop Simulator.
### For Medium Organizations
- **Formalize Role Assignments:** Implement a rotating schedule for Incident Master and Defender roles to broaden organizational knowledge of the simulation process and attack logic.
- **Document Learnings:** Create a centralized repository for observations, successful defense strategies, and gaps identified during each session.
### For Large Enterprises
- **Scale Simulation Scope:** Run parallel sessions targeting different organizational segments or focusing on specific service environments (e.g., Development vs. Production).
- **Integrate with Formal IR Plans:** Use the outcomes of B&B exercises to directly identify and update deficiencies found in the organization's existing formal Incident Response plans.
## Configuration Examples
No specific technical configurations (like firewall rules or registry settings) are provided in the source material, as the focus is on utilizing the **Backdoors & Breaches Tabletop Simulator (TTS) Workshop content**.
- **Prerequisite Configuration Steps:**
  1. Install Steam.
  2. Purchase and install Tabletop Simulator (TTS).
  3. Subscribe to the specific Backdoors & Breaches Workshop item via Steam ([Steam Workshop item](https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477)).
## Compliance Alignment
While the source material does not explicitly map to major compliance frameworks (like NIST CSF or ISO 27001), tabletop simulation directly supports the following critical functional areas:
- **NIST SP 800-84:** Related to Security Program Development and Evaluation, specifically testing incident response capabilities.
- **ISO/IEC 27001/27002:** Supports requirement A.16.1 (Information security incident management process) by practicing response procedures.
- **NIST CSF (Identify & Respond Functions):** Validating the organization's ability to identify threats and respond effectively to detected incidents.
## Common Pitfalls to Avoid
- **Treating it as purely a game:** Do not lose focus on applying real-world criticality; ensure decisions map back to operational risk.
- **Failure to rotate roles:** Restricting the Incident Master role prevents defenders from learning the attacker perspective, hindering holistic understanding.
- **Ignoring documentation:** Skipping the review of setup guides (like the specific TTS guide) leads to wasted time troubleshooting software installation instead of practicing security.
## Resources
- **Backdoors & Breaches Game:** The core simulation tool itself.
- **Tabletop Simulator (TTS):** The essential platform required to run the digital version of the game.
- **BHIS Spearphish General Store:** Source for related materials like the PROMPT# Zine (ANTISOC Issue).
- **BHIS Tabletop Simulator Guide:** Documentation available on the Black Hills Information Security website detailing the installation and use of B&B within TTS for setup assistance.
- **Antisyphon Training:** Providers of associated training to further develop skills.