Why use dice in serious games?
I was working through The Handbook of Cyber Wargames, that I co-wrote with John Curry, and came across this section on why dice should be used in professional games:
“The use of dice here represents the influence of many unknown variables on the success or failure of a particular attack. In the real world, sometimes it is just chance that allows an attack to succeed or get stopped. For example, did the phishing attack target a particularly susceptible member of staff who was having a ‘bad day’, did the attackers choose the one server the System Administrators were troubleshooting, and they immediately noticed the unusual activity? This will help illustrate to the players that cyber security is risk-based, and that they must account for the different possible outcomes from an attack. Dice are a simple way of modelling the role of chance in cyber security.”
I suspect that’s going to be an explanation I’ll be referring people to more in future, which might be why you’re reading this.