Proceedings of the 3rd International Conference on Information Systems Security and Privacy 2017
DOI: 10.5220/0006128500590070
|View full text |Cite
|
Sign up to set email alerts
|

Gamification of Information Security Awareness and Training

Abstract: Abstract:Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification -i.e. using game mechanics -to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1

Citation Types

1
23
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 36 publications
(24 citation statements)
references
References 17 publications
1
23
0
Order By: Relevance
“…One potential way to continue to increase employees' 1) ability to detect and 2) motivation to report phishing emails might be through the gamification of the mock phishing campaign experience. The addition of gaming elements to non-gaming situations in this and other cyber-related contexts has been explored (Francia et al, 2014;Gjertsen et al, 2017;Emm, 2021;Khando et al, 2021). For example, gamification has demonstrated promise in the education of normal users regarding password security (Scholefield and Shepherd, 2019), and gamified systems can increase motivation to comply with security policy and reduce mock phishing failures, significantly outperforming training provided via email (Silic and Lowry, 2020).…”
Section: Background On Phishingmentioning
confidence: 99%
“…One potential way to continue to increase employees' 1) ability to detect and 2) motivation to report phishing emails might be through the gamification of the mock phishing campaign experience. The addition of gaming elements to non-gaming situations in this and other cyber-related contexts has been explored (Francia et al, 2014;Gjertsen et al, 2017;Emm, 2021;Khando et al, 2021). For example, gamification has demonstrated promise in the education of normal users regarding password security (Scholefield and Shepherd, 2019), and gamified systems can increase motivation to comply with security policy and reduce mock phishing failures, significantly outperforming training provided via email (Silic and Lowry, 2020).…”
Section: Background On Phishingmentioning
confidence: 99%
“…Thus, in order to spread awareness to users through more entertaining processes, gamification can be considered, while developing privacy awareness services as well. Some examples have been recorded regarding security awareness [64,65], but gamified attempts are also needed as far as privacy awareness concerns. The contribution of gamification in these services concerns on the engagement of users on using them, resulting on the effective education of users.…”
Section: Unobservabilitymentioning
confidence: 99%
“…There are, however, several publications suggesting that many training efforts fail to support users towards secure behavior to a high enough degree [26,27]. Suggested reasons include that it is hard to make users participate in on-demand training, that acquired knowledge is not retained for long enough, and that knowledge does not necessarily translate to correct behavior [20,28]. Some research even suggests that training methods are not empirically evaluated to a high enough extent [29,30].…”
Section: Introductionmentioning
confidence: 99%
“…The ISAT methods included in this research are game-based training and Context-Based Micro-Training (CBMT). Gamified training means that game concepts are applied to ISAT, with the intent to better motivate users to actively participate [28]. It is considered in this research since it is argued to better motivate and engage users when compared to other ISAT alternatives.…”
mentioning
confidence: 99%
See 1 more Smart Citation