A novel SETA-based gamification framework to raise cybersecurity awareness

Bibliographic Details
Published in International journal of information technology (Singapore. Online) Vol. 13; no. 6; pp. 2371 - 2380
Main Authors Abu-Amara, Fadi; Almansoori, Reem; Alharbi, Safa; Alharbi, Marwah; Alshehhi, Asma
Format Journal Article
Language English
Published Singapore Springer Singapore 2021
Summary: Information is a critical asset in any organization to achieve its strategic goals. For this, organizations enforce physical, logical, and administrative controls to protect their information from being corrupted, manipulated, or breached. However, an employee with little awareness of cybersecurity threats is an easy target for attackers. Nowadays, companies implement security awareness using policies, procedures, and training sessions, to list a few. Traditional information security awareness sessions have relied heavily on presentation slides and videos. This paper aims to improve the employees’ cybersecurity awareness by developing an interactive video game, a cyber shield game, that includes various embedded threat scenarios. The proposed game consists of four levels. The password complexity level educates players about password threats. The social engineering level makes employees aware of email attachments and trespass threats. The phishing attack level educates employees about phishing emails and ransomware threats. Finally, the physical security level makes employees aware of threats to storage and work documents’ disposal. Further, two surveys, pre-game and post-game, are conducted to estimate the players’ knowledge and experience in cybersecurity threats. The proposed security awareness program is applied to ten employees randomly chosen from different organizations. Experimental results indicate that the cyber shield training and awareness program is more interactive than traditional awareness methods. Results also suggest that the proposed awareness program improves the employees’ cybersecurity awareness level by 51.4%.
ISSN: 2511-2104, 2511-2112
DOI: 10.1007/s41870-021-00760-5