HOW TO PLAY INCIDENT SHUFFLE

SELF ASSESSMENT - SINGLE PLAYER

Get in Touch

Purpose

  • Conduct a self-assessment for a specific procedure or plan to ensure it is comprehensive and fit for purpose.

Guidance

  • Identify the specific plan or procedure you wish to review
  • Shuffle only the question cards and draw a random card from the deck
  • Evaluate the drawn question in the context of the selected plan or procedure
  • Assess whether the plan or procedure adequately addresses the question
  • Determine if there are any gaps or areas that need improvement
  • Once you are confident that the question has been fully addressed, place the question card into a separate pile, face down, and draw another card
  • If follow-up actions are needed, place the question card in a different pile, question side up (this pile will be revisited later)
  • Continue drawing and evaluating cards until all question cards have been considered
  • Review the pile of follow-up cards
  • Use the identified gaps to develop an action plan to address the issues highlighted

THE DIFFERENT TYPES OF CARDS

SCENARIO CARD

INCIDENT
SHUFFLE

A RESILIENCE CARD GAME
Scenario Card
  • High-level incident scenarios to consider
  • Contextualise scenarios with your organisation and plans
  • Discuss the scenario and potential impacts before drawing question cards
  • While the exercise is entirely fictional, it is based on realistic threats
  • Be careful not to get caught up on the fine details, make any assumptions where required
QUESTION CARD

INCIDENT
SHUFFLE

A RESILIENCE CARD GAME
Question Card
  • Provide prompts for scenario-based consideration
  • Reflect on your own response and confidence level
  • Discuss group expectations and necessary measures for confident answers
  • The objective is not to find straightforward answers but to stimulate discussion and critical evaluation
  • If a question is not relevant to the scenario or easily answered, discard it and draw another card
INFORMATION CARD

INCIDENT
SHUFFLE

A RESILIENCE CARD GAME
Information Card
  • Enhances your program with more ways to customise the pack

FOCUSED SCENARIO – GROUP DISCUSSION

Purpose
Facilitate a group of stakeholders to challenge and assess designed procedures and plans against a specific scenario, ensuring they provide all the required guidance and support.

  • Define the scope of the game, focusing on the specific plans, procedures, or business area you wish to test
  • Separate the scenario cards and question prompt cards into two piles. Shuffle each pile separately
  • Select one scenario card and discuss its relevance to your organisation and the scope of the discussion
  • If this is not your first time using Incident Shuffle or there is a specific scenario you wish to explore, substitute it at this stage rather than drawing a new scenario card
  • Ensure all participants understand the scenario and its implications within the context of your organisation
  • Begin drawing question cards one by one, discussing each question as a group
  • If a question is not relevant to the scenario or easily answered, discard it and draw another card
  • Focus on the discussion around each question, evaluating the level of preparedness and identifying any gaps or areas needing improvement
  • The objective is not to find straightforward answers but to stimulate discussion and critical evaluation
  • Repeat the process of drawing and discussing question cards until you feel the scenario has been sufficiently covered or a significant number of question cards have been reviewed
  • As a group, review the actions resulting from the discussions
  • Note down all follow-up actions for implementation after the session

POLY-SCENARIO – GROUP DISCUSSION

Purpose
Introduce additional complexity to a focused scenario by incorporating a secondary incident, such as a physical incident leading to a cyber attack, to challenge and test the robustness of procedures and plans.

  • Define the scope of the game, focusing on the specific plans, procedures, or business area you wish to test
  • Separate the scenario cards and question prompt cards into two piles. Shuffle each pile separately
  • Select one scenario card and discuss its relevance to your organisation and the scope of the discussion

If this is not the first session or you have a specific scenario to explore, substitute it at this stage rather than drawing a new scenario card

  • Ensure all participants understand the initial scenario and its implications within the context of your organisation
  • Begin drawing question cards one by one, discussing each question as a group
  • If a question is not relevant to the scenario or easily answered, discard it and draw another card
  • Focus on the discussion around each question, evaluating the level of preparedness and identifying any gaps or areas needing improvement

At a suitable point during gameplay, pause the group and introduce a second scenario to add complexity. Ensure the secondary scenario is plausible, such as a cyber attack following a public incident

  • Ask the group to reassess their actions and decisions considering the new issue introduced by the secondary scenario
  • Continue pulling question cards and discussing them, now considering the impact of both incidents on their responses and resource allocation
  • Repeat the process of drawing and discussing question cards until you feel the combined scenarios have been sufficiently covered or a significant number of question cards have been reviewed
  • As a group, review the actions resulting from the discussions
  • Note down all follow-up actions for implementation after the session

GUIDANCE ON HOW TO CUSTOMISE THE SCENARIO TO YOUR ORGANISATION

  • Consider which specific critical systems or databases within your organisation could be targeted by ransomware
  • Identify which departments or functions would be most affected by an encryption of your network
  • Determine which sensitive data within your organisation would be most at risk and damagins if encrypted
  • Reflect on your organisation’s stance and policies regarding ransom payments and cryptocurrency use
  • Think about any previous cyber incidents your organisation has faced and how they were handled
  • Identify the key suppliers and partners critical to your operations that could be targets for impersonation
  • Focus on specific financial processes and payment protocols within your organisation that could be exploited
  • Consider which departments (e.g., finance, procurement) are most vulnerable to social engineering attacks
  • Reflect on any past incidents involving third-party compromises or fraud attempts within your organisation
  • Customise the scenario based on the geographic locations of your key suppliers and partners
  • Specify the types of sensitive data (e.g., customer information, trade secrets) that would be most damaging if leaked
  • Identify potential sources of data leaks within your organisation, such as specific databases or employee roles
  • Consider the different access points (e.g., internal networks, cloud services) where a data leak could occur
  • Reflect on the specific regulatory and compliance requirements your organisation must adhere to regarding data protection
  • Think about previous data breaches or leaks your organisation has experienced and their impact
  • Specify which locations or sites (e.g., head office, branch offices) would be most impacted by a power outage
  • Identify the critical functions and operations at the chosen site and how a power outage would impact them
  • Consider the existing backup power solutions (e.g., generators, UPS) your organisation has in place and their limitations
  • Customise the scenario based on the specific geographic region and its vulnerability to power outages
  • Reflect on any past power outages your organisation has experienced and their impact on operations
  • Specify the location of your offices that would be impacted under the scenario.
  • Identify which employees, teams or functions would be affected and how their safety and ability to work could be impacted
  • Consider which business functions are most vulnerable to disruption due to restricted access to your offices
  • Think about the feasibility and readiness of remote work or relocation options for your organisation
  • Reflect on previous instances of civil unrest near your organisation and their impact on operations
  • Identify the specific IT services or systems within your organisation impacted by an outage under the scenario
  • Consider which departments or business functions would be most affected by the loss of those IT services
  • Think about alternative solutions or backup systems that your organisation has in place to mitigate IT outages
  • Customise the scenario based on the geographic distribution of your IT infrastructure and services
  • Reflect on previous IT outages your organisation has experienced and their impact on operations