G. Bassett, C. D. Hylender, P. Langlois, A. Pinto, and S. Widup, Data Breach Investigations Report, (2020).
P. Schaab, K. Beckers, and S. Pape, A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology, in 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings. (2016).
P. Schaab, K. Beckers, and S. Pape, Social Engineering Defence Mechanisms and Counteracting Training Strategies, Information and Computer Security 25, 206 (2017).
T. Dimkov, A. Van Cleeff, W. Pieters, and P. Hartel, Two Methodologies for Physical Penetration Testing Using Social Engineering, in Proceedings of the 26th Annual Computer Security Applications Conference (2010), pp. 399–408.
J. M. Hatfield, Virtuous Human Hacking: The Ethics of Social Engineering in Penetration-Testing, Computers & Security 83, 354 (2019).
J. Kuhn and A. Willemsen, Arbeitsrechtliche Aspekte von Social Engineering Audits, DER BETRIEB 02, 111 (2016).
M. Zimmer and A. Helle, Tests Mit Tücke – Arbeitsrechtliche Anforderungen an Social Engineering Tests, Betriebs-Berater 21/2016, 1269 (2016).
S. Stahl, Beyond Information Security Awareness Training: It’s Time to Change the Culture, Information Security Management Handbook, Volume 3 3, 285 (2006).
M. Bada, A. M. Sasse, and J. R. C. Nurse, Cyber Security Awareness Campaigns: Why Do They Fail to Change Behaviour?, CoRR abs/1901.02672, (2019).
L. Donovan and P. Lead, The Use of Serious Games in the Corporate Sector, A State of the Art Report. Learnovate Centre (December 2012) (2012).
K. Beckers, S. Pape, and V. Fries, HATCH: Hack and Trick Capricious Humans – a Serious Game on Social Engineering, in Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016 (2016).
K. Beckers and S. Pape, A Serious Game for Eliciting Social Engineering Security Requirements, in Proceedings of the 24th IEEE International Conference on Requirements Engineering (IEEE Computer Society, 2016).
Kreutz, GK-BetrVG, Bd. 2, 10th ed. (2014).
A. Shostack, Elevation of Privilege: Drawing Developers into Threat Modeling, Microsoft, 2012.
A. Shostack, Elevation of Privilege: Drawing Developers into Threat Modeling, in 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3gse 14) (USENIX Association, San Diego, CA, 2014).
A. Shostack, Threat Modeling: Designing for Security, 1st ed. (John Wiley & Sons Inc., 2014).
K. Moløkken-Østvold, N. C. Haugen, and H. C. Benestad, Using Planning Poker for Combining Expert Estimates in Software Projects, Journal of Systems and Software 81, 2106 (2008).
L. Williams, M. Gegick, and A. Meneely, Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer, in Proceedings of International Symposium on Engineering Secure Software and Systems (Springer, 2009), pp. 122–134.
L. Williams, A. Meneely, and G. Shipley, Protection Poker: The New Software Security “Game”, Security Privacy, IEEE 8, 14 (2010).
F. Osses, G. Márquez, C. Orellana, and H. Astudillo, Towards the Selection of Security Tactics Based on Non-Functional Requirements: Security Tactic Planning Poker, in 2017 36th International Conference of the Chilean Computer Science Society (SCCC) (IEEE, 2017), pp. 1–8.
T. Denning, T. Kohno, and A. Shostack, Control-Alt-Hack: A Card Game for Computer Security Outreach and Education (Abstract Only), in The 44th ACM Technical Symposium on Computer Science Education, SIGCSE ’13, Denver, CO, USA, March 6-9, 2013 (2013), p. 729.
T. Denning, A. Lerner, A. Shostack, and T. Kohno, Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education, in 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, November 4-8, 2013 (2013), pp. 915–928.
T. Denning, A. Shostack, and T. Kohno, Practical Lessons from Creating the Control-Alt-Hack Card Game and Research Challenges for Games in Education and Research, in 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education, 3gse ’14, San Diego, CA, USA, August 18, 2014. (2014).
A. Yasin, L. Liu, T. Li, J. Wang, and D. Zowghi, Design and Preliminary Evaluation of a Cyber Security Requirements Education Game (SREG), Information and Software Technology (2017).
A. Yasin, L. Liu, T. Li, R. Fatima, and W. Jianmin, Improving Software Security Awareness Using a Serious Game, IET Software (2018).
R. Kessel and N. Gwatkin, Harbour Protection Table-Top Exercise Hpt2e: Contextual Read Ahead., (2012).
R. Kessel and N. Gwatkin, Harbour Protection Table – Top Exercise Hpt2e 20 – 23 March 2012, La Spezia: Hpt2e Technologies and Platforms, (2012).
A. Rieb and U. Lechner, Towards Operation Digital Chameleon, in CRITIS 2016 – the 11th International Conference on Critical Information Infrastructures Security (to Appear), edited by G. Havârneanu, R. Setola, H. Nassopoulos, and S. Wolthusen (Paris, 2016), pp. 1–6.
A. Rieb and U. Lechner, Operation Digital Chameleon – Towards an Open Cybersecurity Method, in Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016) (Berlin, 2016), pp. 1–10.
A. Rieb, KMA Homepage Article about Operation Digital Snake Game, (2018).