The CONTAIN Response Canvas: A Template for Cyber Incident Response
摘要
Ransomware attacks on mobile devices pose complex challenges that span individual behavior, organizational processes, and technological contexts for both professional and private use. Although cybersecurity training measures, such as serious games, are effective in raising awareness, they often lack mechanisms to transfer experiential knowledge into operational practice. In contrast, established incident response and business continuity frameworks are comprehensive, but typically text-heavy and difficult to apply under time pressure. This article introduces the CONTAIN Response Canvas (CRC), a visual, canvas-based artifact that adapts principles of the Business Model Canvas to ransomware incident response for personal mobile devices. The CRC structures technical, organizational, and communicative response measures in a compact format, supporting both orientation during incidents and structured reflection after training. The article also presents the serious game “A Question of Security”, which embeds a reference response model that describes an ideal-typical procedure for handling a ransomware incident on a mobile device. This reference response model is part of the game design and was iteratively clarified and refined during 16 game sessions with 96 participants. Phases 2 – 4 of this model are represented using three phase-specific CONTAIN Response Canvases. The CRC thus serves as a structured visual representation of the reference response model and as a means of transferring the training results into reusable documentation artifacts. Finally, the article outlines how the CRC can be integrated into organizational awareness and training programs to support knowledge transfer, organizational learning, and sustained preparedness beyond the game-based setting.