Upload
benjamin-neal
View
217
Download
0
Embed Size (px)
Citation preview
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Design of cyber security awareness game utilizing a
social media frameworkWA Labuschagne
UNISAPretoria, South Africa
N Veerasamy
CSIRPretoria, South Africa
In Information Security South Africa (ISSA), 2011
I Burke
CSIRPretoria, South Africa
I Burke
CSIRPretoria, South Africa
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Outline
Introduction
Motivation For Game Design
Requirements
Security Awareness Games
Design of Game
Future Work
Conclusions
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Introduction
To be aware of safe cyber practices Not just technical staff, but all users
A number of universities now recommend providing security awareness training and education components for students and staff
Home users could also benefit from cyber security awareness
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Motivation For Game Design Directed Communication
One-directional communication Pamphlets, emails, intranet pages, screen savers, posters, mouse pads,
pens, games, formal presentations and training sessions
Information Richness Web Three medias:
Hypermedia Multimedia Hypertext
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Determine the current knowledge level
Critical game component
Random set to be selected each time
An extensive database to prevent presenting the same questions
Ensure the topic is sufficiently
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
Weighting of the questions
The higher the weights, the harder the questions
More challenging
Progressively become more difficult
Create different levels
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
The use of practical data
The data should reflect real life scenarios
The knowledge acquired during the game could be applied in the current
environment
The relevance of the data should be applicable and disseminated into easy
interpretable knowledge fragments
The trends provide a list of threats
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
Tool should be automated
No intervention and supervision of humans
Computation has to be done by the system
Users will be guided by the system
Multiple users can play the game simultaneously
Social network allows multiple users to interact with the game
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
Game dynamics
Namely appointment
Influence and status
Progression
Communal discovery
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
Easy accessible
Resources located on a PC at home or within a private internal network are
not easily accessible
Using internet
Web browser
Mobile devices, such as smartphones
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
Effortless A good interface provides the users with an experience which build trust
with the application, increase productivity and reduces erroneous use, which frustrates the user
A list of critical factors: Visibility of system status Match between system and the real world User control and freedom Consistency and standards Error prevention Help users recognize, diagnose, and recover from errors Recognition rather than recall Flexibility and efficiency of use Aesthetic and minimalist design Help and documentation
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
A comprehensive database of questions
Weighting of the questions
The use of practical data
Tool should be automated
Game dynamics
Easy accessible
Effortless
Acceptance by the user
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Requirements
Acceptance by the user
The Technology Acceptance Model (TAM)
Perceived Usefulness (PU)
Perceived Ease of Use (PE)
Extended TAM Model to accommodate social networking sites
Perceived Usefulness (PU)
Perceived Ease of Use (PE)
Perceived Playfulness (PP)
Perceived Security (PS)
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Security Awareness Games
There are two games from the USA Department of Defense:
CyberCiege
Highly extensible game for teaching information assurance concepts
Runs on a standalone computer system
CyberProtect
With an interactive security experience
On-line game, but not use a social networking site.
* Both of the two games are designed for technical staffs
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Design of Game
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Design of Game
High-level view of game
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Design of Game
Mix of hypertext and multimedia
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Design of Game
Sample question and status
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Design of GameBadge and achievements
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Future Work
A functional prototype that can be effectively used as part of awareness program
Test more
Deploy the game in a social networking site environment
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Conclusions
Present the design of an online game which utilizes social networking sites
Create awareness on cyber security topics by using a virtual tool to educate and test users using a social networking environment
Graduate Programs in Computer Sciencehttp://www.cs.utsa.edu
Thank you!
Questions?