Abstract
Information is a critical asset in any organization to achieve its strategic goals. For this, organizations enforce physical, logical, and administrative controls to protect their information from being corrupted, manipulated, or breached. However, an employee with little awareness of cybersecurity threats is an easy target for attackers. Nowadays, companies implement security awareness using policies, procedures, and training sessions, to list a few. Traditional information security awareness sessions have relied heavily on presentation slides and videos. This paper aims to improve the employees’ cybersecurity awareness by developing an interactive video game, a cyber shield game, that includes various embedded threat scenarios. The proposed game consists of four levels. The password complexity level educates players about password threats. The social engineering level aware employees about email attachments and trespass threats. The phishing attack level educates employees about phishing emails and ransomware threats. Finally, the physical security level aware employees about threats to storage and work documents’ disposal. Further, two surveys, pre-game and post-game, are conducted to estimate the players’ knowledge and experience in cybersecurity threats. The proposed security awareness program is applied to ten employees randomly chosen from different organizations. Experimental results indicate that the cyber shield training and awareness program is more interactive than traditional awareness methods. Results also suggest that the proposed awareness program improves the employees’ cybersecurity awareness level by 51.4%.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Hendrix M, Al-Sherbaz A, Bloom V (2016) Game-based cybersecurity training: are serious games suitable for cybersecurity training? Int J Serious Games 3(1):53–61
Gjertsen EGB., Gjære EA, Bartne M, Flores WR (2017) Gamification of information security awareness and training. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy, pp. 59–70.
Boopathi K, Sreejith S, Bithin A (2015) Learning cybersecurity through gamification. Indian J Sci Technol 8(7):642–649
Antonaci A, Klemke R, Stracke C, Specht M (2017) Gamification to empower information security education. GamiFIN Conference, pp. 32–38, Pori, Finland
Scholefield S, Shepherd L (2019) Gamification techniques for raising cybersecurity awareness. 1st International Conference on HCI for Cybersecurity, Privacy and Trust.
Rieff I (2018) Systematically applying gamification to cybersecurity awareness trainings: a framework and case study approach. Delft University of Technology, pp 1–14
Alotaibi F, Furnell S, Stengel I, Papadaki M (2016) A review of using gaming technology for cyber-security awareness. Internat J Inform Security Res. https://doi.org/10.20533/ijisr.2042.4639.2016.0076
Cook A (2016) Using gamification to raise awareness of cyber threats to critical national infrastructure. 4th International Symposium for ICS & SCADA Cyber Security Research, pp. 84–94.
Labuschagne WA, Burke I, Veerasamy N, Eloff MM (2011) Design of cybersecurity awareness game utilizing a social media framework. Conference Information Security South Africa, pp. 1–9.
Alotaibi F (2018) Design and evaluation of mobile games for enhancing cybersecurity awareness. J Internet Technol Secur Trans 6:2
Bada M, Nurse J (2019) Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). Inform Comput Sec 27(3):393–410
Khando K, Shang G, Sirajul M.I, Ali S (2021) Enhancing employees information security awareness in private and public organisations: a systematic literature review. Comput Sec 106.
Gjertsen E, Gjære E, Bartnes M, Flores WR (2017) Gamification of information security awareness and training. Science and Technology Publications, pp 59–70
Chau C, Tsui Y, Cheng C (2019) Gamification for internet gaming disorder prevention: evaluation of a wise IT-Use (WIT) Program for Hong Kong Primary Students. Front Psychol.
Kovacevic A, Radaenkovic SD (2020) SAWIT—security awareness improvement tool in the workplace. Appl Sci 10:9
Mario S, Paul BL (2020) Using design-science based gamification to improve organizational security training and compliance. J Manag Inf Syst 37(1):129–161
Zuopeng JZ, Wu H, Wenzhuo L, Mhammed A (2021) Cybersecurity awareness training programs: a cost-benefit analysis framework. Ind Manag Data Syst 121(3):613–636
What is PyCharm? (2020) https://intellipaat.com/blog/what-is-pycharm.
Surwade AU (2020) Phishing email is an increasing menace. Int J Inf Technol 12:611–617. https://doi.org/10.1007/s41870-019-00407-6
Rosa GHD, Roder M, Santos DFS (2021) Enhancing anomaly detection through restricted Boltzmann machine features projection. Internat J Inform Technol 13:49–57. https://doi.org/10.1007/s41870-020-00535-4
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Abu-Amara, F., Almansoori, R., Alharbi, S. et al. A novel SETA-based gamification framework to raise cybersecurity awareness. Int. j. inf. tecnol. 13, 2371–2380 (2021). https://doi.org/10.1007/s41870-021-00760-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41870-021-00760-5