Home  /  Professional Business Simulations

Oceans99 - Information Security


Risk is good for business – all good business depends upon taking calculated risks. The secret of success is to manage business risks effectively, balancing both opportunities for gain and threats of loss or damage. Learn through experience how to grasp business opportunities, reduce the costs and at the same time to increase the effectiveness of your organisation’s security through a better understanding of how to analyse and manage business risks.

The workshop:

As a business initiative the marketing director of the National Bank of Tokyo has agreed to sponsor an exhibition of valuable treasures from around the World at the Tokyo museum. His aims are to raise the brand and image of the bank, to attract new customers, and also he wants to make a significant profit.  

To generate maximum interest the exhibition at the Tokyo museum want to show three extremely valuable ‘star attractions’ to lure visitors in, these are: 

  • The ‘Star of Africa’ – the biggest diamond in the World, being loaned from a museum in London.
  • The ‘The Jewish bride’ by Rembrandt – one of Rembrandt’s most valuable oil paintings, being loaned from a museum in Amsterdam.
  •  A Bugatti Type 59 Grand Prix car, built in 1933 and one of only five built, being loaned from a private collection in New York.

However: Oceans99 (a notorious, incredibly creative, and extraordinarily successful group of thieves) are aware of the situation and have made plans to steal all three treasures.  

The National Bank of Tokyo, the Tokyo museum, and the current owners of the treasures are extremely concerned about the vulnerability of the treasures during transit to Tokyo. Your challenges are, as a group, to transport the three extremely valuable treasures from their separate locations in Europe to the museum in Japan. Time is short and your budgets are not unlimited: the treasures must arrive on time and safely (incurring no damage or loss).  

A considerable threat is posed by Oceans99: a significant task will be to deny Oceans99 every opportunity to steal any of these valuable treasures. 

Successful transportation of the three valuable treasures to Japan will result in a popular exhibition for the Tokyo museum and extremely profitable business for the National Bank of Tokyo.

Learning objectives:

Students who play the Oceans99 professional business simulation will learn:  

  • How to use a well defined and structured process to indentify business drivers and critical success factors.
  • How to align security with business needs and corporate risk appetite to achieve business objectives.
  • How to measure and prioritise business risk by systematically analysing business opportunities balanced against threats and vulnerabilities.
  • How to manage trust between parties, systems, and processes.
  • How to manage secrecy (providing and receiving information on a ‘need-to-know’ basis).
  • How to manage authorisation, responsibility, and capability within parties, systems, and processes to ensure appropriate governance.
  • The importance of an holistic and balanced security implementation.
  • How to assess security principles in a realistic environment and then to use this to evaluate your own organisation’s level of potential and maturity.
  • To evaluate the complexity of providing the appropriate security in a dynamic environment it will be necessary to deploy a structured approach to assessment and decision-making.

Target audience:

Oceans99 can be played by participants whose roles are in business, IT and security. This includes managers who need to align business, IT, and security effectively with corporate strategy. It also includes those working day-to-day in these environments.  

Whilst Oceans99 would be a great learning experience for risk management and security professionals, organisations would benefit most by attendance of a mixed audience – developing increased awareness across an organisation on all aspects of aligning and deploying risk management and security to meet business objectives.

Brief description of the workshop:

Roles:

The following roles play an important part in this workshop. Some of the roles can be played by 2 students.

Role

Description

Sponsor

Invests in the Exhibition, expects a lot of revenue

Tokyo museum director

Hosts the 3 objects

Project manager

Leads the whole project

Security advisor

Is an expert in Information Security

London museum director

Is responsible for the ‘Star of Africa’

Amsterdam museum director

Is responsible for the ‘The Jewish bride’ by Rembrandt

New York private collection owner

Is responsible for the ‘Bugatti Type 59 Grand Prix car’

Transport manager

Responsible for the transportation logistics

The simulation will run through five Rounds.

At the end of each phase there will be an evaluation

Round 1: Preparation

Preparation begins with a meeting with sponsor, project manager and security advisor. In this meeting the group discusses and makes decisions on the following:

- The assignment

- The objectives of the assignment

- The requirements of the customer

- The various budgets

The group then make their individual plans to provide the appropriate security that will enable them to successfully complete the assignment. 

The team will perform the following tasks:

- Perform a risk analysis

- Indentify countermeasures

- Define ‘information authorization matrix’

- Define level of information security

As a result of this first round the team will prepare an ‘Information Security Policy’.

In this round the team will experience:

- How to setup a information security policy

- How to perform a risk assessment

- How to plan measures and deal with budgets

Round 2: Transportation of treasures to airports

The groups will start to execute the first phase of their individual plans to move each treasure to an airport. The objects need to be on time at the airport to assure that the objects can depart on time to Tokyo.

Apart from the ever present threat from Oceans99, to be successful the groups may have to interactively deal with day-to-day issues like: roadblocks, diversions, power outages, and traffic jams (depending on the chosen forms of transport).

At the end of this round they the team will discuss costs, time, effectiveness of security and business performance. The group will then review the results of this round and will define lessons learned for the next round.

In this round the team will experience:

-  How well selected effective/efficient measures can help minimizing (avoiding) business risks

- How to align personal objectives/risks/measures with the business requirements and objectives

- How to define and implement an effective governance model and how to use them in order to make the right decisions.

Round 3: Transportation of treasures to Tokyo

The group’s task now is to transport the three treasures from 3 airports to Tokyo airport. The planes need to depart on time to arrive according to plan in Tokyo. But the there are a lot of threats and Oceans99 is still active.

The group will start by re-evaluating their plans and will have the opportunity to change their security strategies.

Again the group could be presented with new information that could cause them to have to dynamically and interactively review and revise their plans.

In this round the team will be confronted with new issues related to information security management. The types of dilemmas are more complex and ask more skills from the team.

In this round the team will experience:

- How changing requirements of the Sponsor (Business) impacts the information security policy and how to deal with this.

- How a (sudden) change in the environment of the project/business can impact the information security policy and how to act on this.              

Round 4: Transportation of treasures to Tokyo museum

After the objects arrived safely at Tokyo airport a subcontractor (experts in transportation of expensive objects) will transport them to the Tokyo Museum. The company signed a contract with the Tokyo Museum.

The official opening of the Tokyo museum is close, so the team cannot afford any delay or risks. If the objects are not on time, or damaged or even stolen this will cause serious problems for the Sponsor.

In this round the team will experience:

How to deal with subcontractors in relation to

- How to deal with complex issues related to the business objects information security

How to deal with the roles of different stakeholders in a company 

The team will reflect on this round 4 and will identify lessons learned related to information security. 

Round 5: Exhibition at the Tokyo museum

In this round we will look back over the whole day and discuss the overall learning experience. In the meantime the audience will visit the exhibition and watch these 3 exclusive objects. The big questions are:

- Are the objects safe during the whole exhibition

- Will the sponsor achieve his financial goals

At the end of this round 5 the whole team will also visit the exhibition and see these extraordinary objects themselves.

Professional Business Simulations

EVENTS

Pink12

GamingWorks will be participating and Pink12 and sharing the results and experiences gained from the Extreme makeover project.
Read more...

Unlocking the Power of Information Management to realize Business value.

GamingWorks and Mark Smalley used a business simulation to demonstrate success and fail factors when applying Information Management.
Read more...

CIOnet. Gaming? serious business!

CIOnet organizes a session on Serious gaming for CIOs. Games. NICE to have or NEED to have?
Read more...
Find Delivery partner in your area
Become a Delivery partner