Security Policy Risk Simulator
An exploratory simulation game featuring the real-life complexities of corporate information security.
Your job is to balance low risk with low productivity costs. Become the best security manager in the industry.
How to play
- You need to login or register in order to play.
- When you enter the game, you are introduced to your new job - CISO at the energy company Global Sparks.
- Design the company security policy, so that you keep both risks and productivity cost low.
- Manage the incidents occurring under your security policy.
- See how your policy compares to policies designed by others.
This is a work-in-progress demonstration. Project SPRKS is being developed at UCL Information Security Research Group and is supported by Intel and IBM. Code is open source under the MIT license. The development process is accessible on GitHub.
The website is tested to work with the Chrome Browser.
Global Sparks is an international energy company, currently headquartered in London, which has begun to expand its operations internationally. In line with this strategy it started buying local electricity suppliers in the US in the early 2000s, and built up a substantial group of companies, primarily located on the West Coast. This period of rapid expansion has left the company somewhat fragmented internally, and this has begun to cause problems in terms of both business and security. To deal with this issue it has been going through a process of consolidating its acquisitions into a single company. An unfortunate side effect of this process has been a recent wave of redundancies. Almost all IT Support staff have been dismissed, because Global Sparks decided to outsource this function to a company based in India. A period of growth has followed the consolidation, and the company has started to hire again, but mostly in the form of contractors (staff on limited-term contracts, and without health and pension benefits). Many of these contractors are former employees of the companies Global Sparks acquired, and who had been made redundant. You have been hired as part of this process as a permanent security manager, with a brief to ensure that the consolidated company has not inherited any security weaknesses from its disparate components. Immediately several issues have come to light, resulting from both the mergers and the fluid hiring situation.
To aid you in your work please speak to one of the members of staff on the main map to get an idea of what the culture is like at Global Sparks:
Date of Incident: