Incident response - Games Industry Lens

Incident response

GAMESEC04 - How are you defining and enforcing policies to respond to player misconduct and abusive behavior?

GAMESEC_BP10 - Implement an incident response plan to handle bad actors and abusive behavior.

Refer to the Well-Architected Framework whitepaper for best practices in incident response for security that apply to games workloads.

GAMESEC_BP11 - Ban accounts associated with bad actors.

If left unmitigated, abusive behavior in a game continues to degrade the gaming experience for others, so it should be mitigated as soon as possible. You should implement a process to impose bans, or other forms of restrictions, on bad actors who are confirmed to be in violation of your terms of service. Typically, the rules and evaluation process for determining when to impose these types of restrictions are set by personnel such as a player community team, or trust and safety team, within your organization.

After bad actors have been flagged, you should have a pre-determined workflow that can be run to take action on the identified players. AWS Step Functions and Lambda functions can be used to run an automated workflow that accepts a batch of player accounts as input and updates entries in a DynamoDB table called Bans, which can include details on the player account, the ban reason, and duration.

Depending on the way your game and account management system are designed, and the type of abuse, it is valuable to have a banning system of record that is separate from your account management system. You may not want to turn off the player's account in your account management system, opting instead to simply turn off their ability to play your game. This can be useful in situations where the player's account credentials are used to access multiple games with different terms of service or policies.
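The batch ban step and the separate per-game ban check described above, sketched as an added example (not code from the Games Industry Lens). The key schema (`player_id` plus `game_id`), the field names, the input shape, and the `InMemoryBans` stand-in are assumptions made so the example runs offline.

```python
import time

class InMemoryBans:
    """Offline stand-in for boto3.resource("dynamodb").Table("Bans") (assumed keys)."""
    def __init__(self):
        self.rows = {}
    def put_item(self, Item):
        self.rows[(Item["player_id"], Item["game_id"])] = Item
    def get_item(self, Key):
        row = self.rows.get((Key["player_id"], Key["game_id"]))
        return {"Item": row} if row else {}

def apply_bans(event, table, now=None):
    """Workflow step: write one Bans row per flagged player, report rejects."""
    now = int(time.time()) if now is None else now
    applied, rejected = [], []
    for entry in event["bans"]:
        player, reason = entry.get("player_id"), entry.get("reason")
        days = entry.get("duration_days")  # None means a permanent ban
        bad_days = days is not None and (not isinstance(days, int) or days <= 0)
        if not player or not reason or bad_days:
            rejected.append(entry)  # returned so the workflow can route it to review
            continue
        table.put_item(Item={
            "player_id": player,
            "game_id": event["game_id"],  # ban is scoped to one game only
            "reason": reason,
            "banned_at": now,
            "expires_at": None if days is None else now + days * 86400,
        })
        applied.append(player)
    return {"applied": applied, "rejected": rejected}

def is_banned(table, player_id, game_id, now=None):
    """Session check: consults Bans only, the account itself stays enabled."""
    now = int(time.time()) if now is None else now
    row = table.get_item(Key={"player_id": player_id, "game_id": game_id}).get("Item")
    return bool(row) and (row["expires_at"] is None or row["expires_at"] > now)

# Constructed sample batch, shaped like the input a workflow execution might pass.
SAMPLE_EVENT = {"game_id": "game-alpha", "bans": [
    {"player_id": "p-1001", "reason": "cheating", "duration_days": 7},
    {"player_id": "p-1002", "reason": "harassment", "duration_days": None},
    {"player_id": "", "reason": "cheating", "duration_days": 3},  # invalid entry
]}

if __name__ == "__main__":
    bans = InMemoryBans()
    print(apply_bans(SAMPLE_EVENT, bans, now=1_700_000_000))
    print(is_banned(bans, "p-1001", "game-beta", now=1_700_000_000))
```

Because the ban row is keyed by game, the same account credentials remain usable for other games that have different terms of service.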