Gamification of Information Security Awareness and Training

被引：22

作者：

Gjertsen, Eyvind Garder B. ^{[1
]}

Gjaere, Erlend Andreas ^{[2
]}

Bartnes, Maria ^{[1
,2
]}

Flores, Waldo Rocha ^{[3
]}

机构：

[1] Norwegian Univ Sci & Technol, Dept Telemat, N-7491 Trondheim, Norway

[2] SINTEF, POB 4760, N-7465 Trondheim, Norway

[3] EY, POB 20, N-0051 Oslo, Norway

来源：

ICISSP: PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY | 2017年

基金：

欧盟地平线“2020”;

关键词：

Information Security; Security Awareness; Gamification;

D O I：

10.5220/0006128500590070

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification -i. e. using game mechanics - to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts and a workshop with regular employees at two companies. The prototype was tested by employees in a second workshop. Our results indicate that gamification has potential for use in SAT programs, in terms of potential strengths in areas where current SAT efforts are believed to fail. There are however significant pitfalls one must avoid when designing such applications, and more research is needed on long-term effects of a gamified SAT application.

引用

页码：59 / 70

页数：12

共 50 条

[41] Analyzing trajectories of information security awareness
Tsohou, Aggeliki
Karyda, Maria
Kokolakis, Spyros
Kiountouzis, Evangelos
[J]. INFORMATION TECHNOLOGY & PEOPLE, 2012, 25 (03) : 327 - 352
[42] GAMIFICATION FOR THE TRAINING OF THE PROFESSIONALS IN INFORMATION SCIENCES THROUGH INFORMATION AND COMMUNICATION TECHNOLOGIES
Martinez Paz, Dianelys
Toscano Menocal, Anamarys
[J]. REVISTA CONRADO, 2021, 17 (81): : 7 - 16
[43] The Role of Information Deserts in Information Security Awareness and Behaviour
Snyman, D. P.
Kruger, H. A.
[J]. PROCEEDINGS OF THE 8TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP), 2021, : 613 - 620
[44] An Anti-phishing Training System for Security Awareness and Education Considering Prevention of Information Leakage
Higashino, Masayuki
Kawato, Toshiya
Ohmori, Motoyuki
Kawamura, Takao
[J]. 5TH INTERNATIONAL CONFERENCE ON INFORMATION MANAGEMENT (ICIM 2019), 2019, : 82 - 86
[45] Behind the digital veil: decoding the influence of HR training on information security awareness in Saudi Arabia
Asfahani, Ahmed M.
[J]. COGENT BUSINESS & MANAGEMENT, 2024, 11 (01):
[46] SUCCESSFUL SECURITY RELIES ON CORPORATE AWARENESS TRAINING
SHERIZEN, S
[J]. DATA MANAGEMENT, 1984, 22 (12): : 10 - 12
[47] A video game for cyber security training and awareness
Cone, Benjamin D.
Irvine, Cynthia E.
Thompson, Michael F.
Nguyen, Thuy D.
[J]. COMPUTERS & SECURITY, 2007, 26 (01) : 63 - 72
[48] VR Training for Security Awareness in Industrial IoT
Liagkou, Vasiliki
Stylios, Chrysostomos
[J]. COLLABORATIVE NETWORKS AND DIGITAL TRANSFORMATION, 2019, : 604 - 612
[49] University training in information security
Janczewski, LJ
[J]. Innovations Through Information Technology, Vols 1 and 2, 2004, : 1003 - 1005
[50] Security Awareness: The First Step in Information Security Compliance Behavior
Hwang, Inho
Wakefield, Robin
Kim, Sanghyun
Kim, Taeha
[J]. JOURNAL OF COMPUTER INFORMATION SYSTEMS, 2021, 61 (04) : 345 - 356

← 1 2 3 4 5 →