Awesome Security Card Games !Awesome (https://awesome.re/badge.svg) (https://github.com/sindresorhus/awesome)

▐ A curated list of security card games (which are sometimes known as tabletop exercises).

Security card games help train your skills and enable discussions for various areas of security.

Contents

- Application Security (#application-security)
- Cryptography (#cryptography)
- Data Privacy (#data-privacy)
- Incident Response (#incident-response)
- Threat Modeling (#threat-modeling)
- Various Resources (#various-resources)

Application Security

- Cornucopia (https://cornucopia.owasp.org) - OWASP® Cornucopia is a threat modeling tool in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It's
based on OWASP's Top 10, ASVS/MASVS/MASTG, CAPEC and SAFECode. The card decks (https://cornucopia.owasp.org/webshop)) are available both as a Website version and a Mobile version as physical decks that can be bought online or in a digital format 
at copi.owasp.org (https://copi.owasp.org).

Cryptography

- Crypto Go (https://www.cryptogogame.com/EN) - An educational card game designed to teach up to date 
  symmetric cryptography. Crypto Go deck consists of cards representing modern cryptographic tools.

Data Privacy

- Know your risks (https://aca.edu.au/resources/cyber-sharing-cards/) - Learn what information is safe to share online and understand the risks. Learn about whether to share, not share or be cautious with different pieces of information.

Incident Response

- Backdoors & Breaches (https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/) - An incident response card game. It helps you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.
- Defensomania (https://github.com/Karneades/Defensomania) - An incident response card game for security monitoring and incident response teams to discuss priorities, possible response actions and attack scenarios.

Threat Modeling

- Elevation of Privilege (EOP) by Microsoft (https://web.archive.org/web/20150312215303/http://www.microsoft.com/security/sdl/adopt/eop.aspx) - A card game based on Microsoft's threat modeling framework "STRIDE" (Spoofing, Tampering etc.). The 
card deck (https://www.microsoft.com/en-us/download/details.aspx?id=20303) is available as PDF from Microsoft. Adam Shostack, the author of EoP has also a git repo (https://github.com/adamshostack/eop/) for EoP.
- Security Cards (http://securitycards.cs.washington.edu/index.html) - A card game encouraging to think broadly and creatively about computer security threats. Four dimensions are covered: Human Impact, Adversary's Motivations, Adversary's 
Resources, Adversary's Methods.
- Cumulus (https://github.com/TNG/cumulus) - A threat modeling card game for the clouds which helps you find threats to your DevOps or cloud project and teaches developers a security oriented mindset.

Various Resources

- Tabletop Security Games & Cards (https://adam.shostack.org/games.html) - List of security card games created and maintained by Adam Shostack.
- Tabletop Simulations to Improve Your Information Security Program (https://redcanary.com/blog/using-tabletop-simulations-to-improve-information-security/) - Red Canary's write-up about tabletop exercises for information security programs.
- Game On: Tabletop Games to Teach Cyber and Information Security Concepts (https://www.linkedin.com/pulse/game-tabletop-games-teach-cyber-information-security-mike-mcgannon) - List of tabletop games to teach cyber and information security 
concepts.

Contributing

Contributions welcome! Read the contribution guidelines (CONTRIBUTING.md) first.

securitycardgames Github: https://github.com/Karneades/awesome-security-card-games