Raising Cybersecurity Awareness on Employees Through Serious Games
Kirtsou, Vasiliki (2019-12-04)
Raising Cybersecurity Awareness on Employees Through Serious Games
(04.12.2019)
Lataukset:
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2019122049240
https://urn.fi/URN:NBN:fi-fe2019122049240
Tiivistelmä
Nowadays, cybersecurity plays an integral role for everyone’s online presence where extensive usage of computers, smartphones and other smart devices has become the norm. More specifically, businesses need to pay additional attention to it, since they are handling sensitive data of their employees and their customers on a daily basis. Many cyber attacks are incited by a human action done by mistake or negligence. Phishing and social engineering attacks are very often the initial attack vector and they are both targeting human weaknesses.
To fight this ongoing battle, personnel training on cybersecurity is of utmost importance. However, traditional training methods seem to have certain shortcomings which effectively impact negatively their teaching output. For this reason, in this master’s thesis we examine serious games as an alternative way of teaching cybersecurity. A serious game is referring to a game whose primary purpose is not entertainment. Serious games have been gaining popularity lately as an educational or training method, and several companies have been created to cover the market needs for such.
This master’s thesis presents two commercial off-the-shelf serious games which aim to raise awareness of certain cybersecurity concepts to employees, as part of their cybersecurity training. The first game, Surf Clean, focuses mainly on social engineering but also addresses general security principles that are fundamental for every enterprise regardless of its size. The second game, Cyberzen Desk, allows the player to experience the importance of correctly handling and protecting sensitive information and items, through a VR game.
Ultimately, we present the results of a user satisfaction survey on the latter, in which we saw very promising results overall. The participants seemed to embrace the new technology and were excited to have a serious game as part of their training campaign. However, we identified possible improvements concerning the content of the game, in order to help the participants relate more to it and as a result increase its learning effectiveness.
To fight this ongoing battle, personnel training on cybersecurity is of utmost importance. However, traditional training methods seem to have certain shortcomings which effectively impact negatively their teaching output. For this reason, in this master’s thesis we examine serious games as an alternative way of teaching cybersecurity. A serious game is referring to a game whose primary purpose is not entertainment. Serious games have been gaining popularity lately as an educational or training method, and several companies have been created to cover the market needs for such.
This master’s thesis presents two commercial off-the-shelf serious games which aim to raise awareness of certain cybersecurity concepts to employees, as part of their cybersecurity training. The first game, Surf Clean, focuses mainly on social engineering but also addresses general security principles that are fundamental for every enterprise regardless of its size. The second game, Cyberzen Desk, allows the player to experience the importance of correctly handling and protecting sensitive information and items, through a VR game.
Ultimately, we present the results of a user satisfaction survey on the latter, in which we saw very promising results overall. The participants seemed to embrace the new technology and were excited to have a serious game as part of their training campaign. However, we identified possible improvements concerning the content of the game, in order to help the participants relate more to it and as a result increase its learning effectiveness.