K-12 Cybersecurity & Incident Response Tabletop Game
A tabletop exercise game for K-12 technology leaders, administrators, and educators. Navigate real-world data breaches, ransomware attacks, physical disasters, and cyber incidents using NIST Cybersecurity Framework 2.0 and CISA guidance.
Designed for CTOs, Directors of Technology, campus administrators, and IT staff in K-12 school districts. Teams compete by crafting the best response to crisis scenarios — scored by peers.
Divide participants into 2–6 teams of 3–5 people. Each team selects a team name and designates a spokesperson.
Use the Scenario Generator below or select from the library. Each team views the same scenario simultaneously.
Teams discuss internally and draft a response using the Anatomy of a Response framework. Use the NIST CSF as a guide.
Each team's spokesperson presents their response. The group votes on the most complete, realistic response. Winning team advances on the board.
After voting, reveal the CISA-aligned response guidance embedded in each scenario card. Discuss gaps and lessons learned.
Roll the die below to advance. The first team to reach the FINISH space on your physical or digital game board wins.
Click the die to roll for team movement. Winning team rolls after each round.
All team responses must address these five questions as completely as possible within the time limit. Incomplete answers score lower when peers vote.
What is your Recovery Time Objective (RTO)? How long can operations be offline before severe business impact?
What is the probability of this scenario? Rate as Rare / Possible / Likely / Near-Certain and explain why.
What is the impact on district operations? Consider students, staff, legal exposure, finances, and reputation.
Who needs to be involved? Name specific roles: CTO, Superintendent, Legal, Law Enforcement, CISA, Vendor, Media, etc.
What data/systems must be restored first? Prioritize by criticality to student safety and district operations.
What controls would prevent recurrence? Reference NIST CSF 2.0 Protect and Govern functions for bonus points.
The National Institute of Standards and Technology Cybersecurity Framework 2.0 provides six core functions that serve as the backbone for every scenario response in this game. Each scenario card maps to relevant CSF functions.
Govern: Policies, roles, responsibilities, and risk strategy. The foundation of cybersecurity governance.
Identify: Asset management, risk assessment, and understanding the cybersecurity environment.
Protect: Access control, training, data security, and protective technology to limit impact.
Detect: Continuous monitoring and detection processes to identify cybersecurity events.
Respond: Response planning, communications, analysis, and mitigation after incidents.
Recover: Recovery planning, improvements, and communications to restore capabilities.
Generate a random scenario from the built-in library — or use AI to create a brand-new scenario tailored to your district's context. Each generated scenario includes CISA-aligned response guidance.
Click any scenario card to view the full incident description, discussion prompts, and CISA-aligned response guidance.
Official federal cybersecurity resources to support your district's preparedness, planning, and response efforts.
The foundational voluntary framework for managing and reducing cybersecurity risk — now including the Govern function.
Templates and examples for creating your district's Current Profile and Target Profile using the CSF.
Step-by-step implementation guides tailored for small organizations, enterprises, and specific sectors.
Free, ready-to-use tabletop exercise packages covering active shooters, ransomware, bomb threats, and more — designed for K-12.
Official scenario-based training resources for cybersecurity awareness and incident response planning.
Dedicated CISA resources for K-12 schools including toolkits, assessments, and the Cyber Hygiene Vulnerability Scanning service (free).
The U.S. Government's one-stop resource for ransomware guidance, alerts, and incident reporting for critical infrastructure including schools.
Schools can report significant cyber incidents directly to CISA. CISA provides no-cost technical assistance to affected organizations.
Joint CISA and MS-ISAC ransomware guide covering best practices, response steps, and recovery checklists.
Comprehensive active threat scenario for K-12 campuses covering lockdown, evacuation, and communications protocols.
School bomb threat response covering threat assessment, evacuation decisions, law enforcement coordination, and communications.
Ransomware incident response for K-12 IT departments covering isolation, reporting, recovery, and CISA coordination.
Third-party vendor compromise scenario addressing supply chain risk, breach notification, and vendor management controls.