
Risk Assessment Bingo - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. password spreadsheet
  2. No offsite backups
  3. No DR Plan
  4. Windows XP
  5. Individual permissions in shares
  6. Computers not joined to Domain
  7. Guest SSID but no isolation
  8. Stale Objects older than 1 year
  9. "We just use Windows Defender"
  10. Wireless PSK older than 2 years
  11. Default SNMP Write value
  12. "We've never had an incident."
  13. Whitelisted domains in email filter
  14. Passwords never expire
  15. Minimal Group Policy
  16. DNS logging not enabled
  17. closet spaghetti
  18. Windows Server 2003/2008
  19. >50% passwords cracked
  20. Plain text password discovered in share
  21. No MFA
  22. No IR Plan
  23. No Security Awareness Training
  24. Manual Backups
  25. Unpatched Exchange
  26. Inappropriate Firewall rules (not RDP)
  27. External RDP
  28. Telnet
  29. Default admin credentials
  30. Users are local admins
  31. cracked admin password
  32. Adobe Flash
  33. No true network segmentation
  34. Unidentified PCI requirements
  35. Teamviewer / VNC
  36. Shares with "Everyone, Full Control"
  37. No SPF record
  38. "We update when there are problems"
  39. No drive encryption
  40. Windows 7
  41. "We're as secure as we can be."
  42. No DKIM / DMARC
  43. Unlicensed hardware or software
  44. No DMZ
  45. No EDR