Case Study: Checking a Serious Security-Awareness Game for its Legal Adequacy

Pape, S. and Kipker, D-K.

In Datenschutz und Datensicherheit, 45 (5): 310-314, 2021.

Abstract

It is generally accepted that the management of a company has a legal obligation to maintain and operate IT security measures as part of the company's own compliance - this includes training employees with regard to social engineering attacks. On the other hand, the question arises whether and how the employee must tolerate associated measures, as for example social engineering penetration testing can be very intrusive.

PDFDOILinkLinkLinkLinkBibtexsecuritysocial engineeringlawcs4ehatchthreat-arrest

Bibtex

@Article{PK21dud,
  author   = {Sebastian Pape and Dennis-Kenji Kipker},
  title    = {Case Study: Checking a Serious Security-Awareness Game for its Legal Adequacy},
  journal  = {Datenschutz und Datensicherheit},
  year     = {2021},
  volume   = {45},
  number   = {5},
  pages    = {310-314},
  month    = {05},
  doi      = {10.1007/s11623-021-1440-3},
  keywords = {serious games, HATCH, law, security, social engineering, CS4E, threat-arrest},
  url      = {https://www.springerprofessional.de/en/case-study-checking-a-serious-security-awareness-game-for-its-le/19120160},
}

PDF