Gamified Tabletop Exercises for Effective Disaster Recovery Testing - by John Svazic (Paperback)
About this item
Highlights
- Tabletop exercises are a common way to test disaster recovery and business continuity plans, but they can also be some of the most dry and boring meetings any professional can attend.
- About the Author: John Svazic is the founder and principal consultant of EliteSec Information Security Consultants, a boutique information security consultancy near Toronto, Ontario, Canada.
- 132 Pages
- Computers + Internet, Security
Description
Book Synopsis
Tabletop exercises are a common way to test disaster recovery and business continuity plans, but they can also be some of the most dry and boring meetings any professional can attend. Following a set script with no variation can cause folks to lose interest and question the value of such exercises, even when they are required for compliance frameworks such as SOC2. What is a security professional to do? Simple--introduce variability by adding dice!
Gamification isn't a new idea, but applying some principles of gamification to a traditional tabletop exercise can breathe new life into a potentially monotonous activity. This book covers how to build a gamified tabletop exercise from the ground up, and provides example exercises you can build upon for your own needs. Not only will participation improve, but you will have reusable exercises to work with as each walk-through can produce different results, helping to cover multiple outcomes when testing your recovery capabilities.
By providing examples and a methodical approach on how to build gamification into a traditional tabletop, the goal is to provide a new perspective on tabletop exercises that should be more engaging for all participants, and thus more beneficial for everyone involved. Avoid the monotony and start practicing with realistic consequences for decisions with dice rolls!
What You Will Learn
- Plan, build, and execute tabletop exercises with participants
- Understand and explain gamification benefits and how to add it to traditional tabletop exercises
- Understand why and how to introduce such concepts to a traditional tabletop exercise
- Get up to speed on the purpose of tabletop exercises as well as how to improve participation and retention of exercise participants
- Compile tips and tricks to help when encountering unexpected issues during tabletop exercises, from unexpected decisions to difficult participants
- Know tools and techniques, such as using mind maps, to help plan and build gamified tabletop exercises
Who This Book Is For
GRC or security professionals who are responsible for executing a tabletop exercise or otherwise tasked with annual testing of the company's disaster recovery/business continuity plans. Even participants who are looking for alternatives to traditional "happy path" tabletops may be interested.
About the Author
John Svazic is the founder and principal consultant of EliteSec Information Security Consultants, a boutique information security consultancy near Toronto, Ontario, Canada. He has been writing and running gamified tabletops since 2017. He used to run an infosec podcast called Purple Squad Security, in which he had a few episodes running gamified tabletops with hosts from other infosec podcasts. He also spoke at Tactical Edge 2020 and True North 2018, where he led live tabletop exercises with volunteers.
John has been in the IT field for over 25 years, with the last 13 years focused on information security. He holds a number of certifications, including CISSP, CISM, OSCP, and others. His goal is to share knowledge and experience, as well as to get a bit more recognition for his efforts. He is not the first to try gamifying tabletops, but his approach is a lot more approachable than others not in the infosec space.