Factors

Employee:
Location:
Device:

Policy summary

Biometric:
Passfaces:
Password:
Susie
Kevin
Iza
Susie Queue (32), PA to Department Head
(executive worker):

Kevin Clark (38), Facilities Technician
(road worker):

Iza Henata (26), Client Account Manager
(desk worker):

Security Policy Risk Simulator

An exploratory simulation game featuring the real-life complexities of corporate information security.
Goal

Your job is to balance low risk with low productivity costs. Become the best security manager in the industry.

How to play
  • You need to login or register in order to play.
  • When you enter the game, you are introduced to your new job - CISO at the energy company Global Sparks.
  • Design the company security policy, so that you keep both risks and productivity cost low.
  • Manage the incidents occurring under your security policy.
  • See how your policy compares to policies designed by others.




This is a work-in-progress demonstration. Project SPRKS is being developed at UCL Information Security Research Group and is supported by Intel and IBM. Code is open source under the MIT license. The development process is accessible on GitHub.

The website is tested to work with the Chrome Browser.

Register
Login
Password Recovery

You will be emailed a password reset link.

Settings

Set a new password

Your Company

Global Sparks is an international energy company, currently headquartered in London, which has begun to expand its operations internationally. In line with this strategy it started buying local electricity suppliers in the US in the early 2000s, and built up a substantial group of companies, primarily located on the West Coast. This period of rapid expansion has left the company somewhat fragmented internally, and this has begun to cause problems in terms of both business and security. To deal with this issue it has been going through a process of consolidating its acquisitions into a single company. An unfortunate side effect of this process has been a recent wave of redundancies. Almost all IT Support staff have been dismissed, because Global Sparks decided to outsource this function to a company based in India. A period of growth has followed the consolidation, and the company has started to hire again, but mostly in the form of contractors (staff on limited-term contracts, and without health and pension benefits). Many of these contractors are former employees of the companies Global Sparks acquired, and who had been made redundant. You have been hired as part of this process as a permanent security manager, with a brief to ensure that the consolidated company has not inherited any security weaknesses from its disparate components. Immediately several issues have come to light, resulting from both the mergers and the fluid hiring situation.

To aid you in your work please speak to one of the members of staff on the main map to get an idea of what the culture is like at Global Sparks:

Policy

Choose employee types

Choose location types

Choose device types

Number of authentication mechanisms:

Biometric (bdata)

Passfaces/swipe (pdata)

Password Policy























Incident


Date of Incident:

Policy:

Incident:

Consequences:

Risk Type:

Risk:

Monetary Cost:

Context:

Employee:

Location:

Device:


Profile

To see the policy options which have been changed during the game to achieve the current progress, please check the table below the graph.

Scores

Risk


risk: cost:

risk: cost:
1

risk: cost:

Productivity cost


cost: risk:

cost: risk:
1

cost: risk:

Average

Risk
avg_risk
Productivity cost
avg_pc