Systematic Scenario Creation for Serious Security-Awareness Games

Hazilov, V. and Pape, S.

In Computer Security - ESORICS 2020 International Workshops, 2nd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE), 2020, to appear.

Abstract

While social engineering is still a recent threat, many organisations only address it by using traditional training, penetration tests or standardized security awareness campaigns or serious games. Existing research has shown that in particular raising the awareness of employees is more effective if it is adjusted to its target audience. For that purpose, we propose to create specific scenarios for serious games considering the organisation's specifics. Based on the work of Faily and Flechais, who created personas utilizing grounded theory, we demonstrate how to develop a specific scenario for HATCH, a serious game on social engineering. Our method for adapting the scenario of a serious game on social engineering resulted in a realistic scenario and thus was effective. Since the method is also very time-consuming, we propose future work to investigate if the effort can be reduced.

PDFLinkVideoBibtexsecuritysocial engineeringcs4ethreat-arrest

Video Abstract

Bibtex

@InProceedings{HP20spose,
  author    = {Vera Hazilov and Sebastian Pape},
  title     = {Systematic Scenario Creation for Serious Security-Awareness Games},
  booktitle = {Computer Security - {ESORICS} 2020 International Workshops, 2nd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE)},
  year      = {2020},
  month     = {09},
  keywords  = {security, social engineering, serious games, CS4E, threat-arrest},
}

PDF

Video Abstract