Systematic Scenario Creation for Serious Security-Awareness Games

Hazilov, V. and Pape, S.

In Computer Security - ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17-18, 2020, Revised Selected Papers, Springer International Publishing, Cham, LNCS 12580, 2020.

Abstract

While social engineering is still a recent threat, many organisations only address it by using traditional training, penetration tests or standardized security awareness campaigns or serious games. Existing research has shown that in particular raising the awareness of employees is more effective if it is adjusted to its target audience. For that purpose, we propose to create specific scenarios for serious games considering the organisation's specifics. Based on the work of Faily and Flechais, who created personas utilizing grounded theory, we demonstrate how to develop a specific scenario for HATCH, a serious game on social engineering. Our method for adapting the scenario of a serious game on social engineering resulted in a realistic scenario and thus was effective. Since the method is also very time-consuming, we propose future work to investigate if the effort can be reduced.

PDFDOILinkLinkLinkLinkVideoBibtexsecuritysocial engineeringcs4ehatchthreat-arrest

Video Abstract

Bibtex

@InProceedings{HP20spose,
  author    = {Vera Hazilov and Sebastian Pape},
  title     = {Systematic Scenario Creation for Serious Security-Awareness Games},
  booktitle = {Computer Security - {ESORICS 2020} International Workshops, {DETIPS}, {DeSECSys}, {MPS}, and {SPOSE}, Guildford, {UK}, September 17-18, 2020, Revised Selected Papers},
  year      = {2020},
  editor    = {Ioana Boureanu and Constantin C\^at\^alin Dr\^agan and Mark Manulis and Thanassis Giannetsos and Christoforos Dadoyan and Panagiotis Gouvas and Roger A. Hallman and Shujun Li and Victor Chang and Frank Pallas and J\"org Pohle and Angela Sasse},
  volume    = {12580},
  series    = {LNCS},
  address   = {Cham},
  month     = {09},
  publisher = {Springer International Publishing},
  doi       = {10.1007/978-3-030-66504-3_18},
  keywords  = {security, social engineering, serious games, CS4E, threat-arrest, HATCH},
  url       = {https://link.springer.com/chapter/10.1007/978-3-030-66504-3_18},
}

PDF

Video Abstract