Abstract
Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game CyberSecurity Awareness Quiz provides a quiz on recent variants to make employees aware of new attacks or attack variants in an entertaining way. While the gameplay of a quiz is more or less generic, the core of our contribution is a concept to create questions and answers based on current affairs and attacks observed in the wild.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
depending on the version RSS means: RDF Site Summary or Really Simple Syndication.
- 3.
Atom Syndication Format is an XML language used for web feeds.
References
All URLs haven been last accessed on July 22nd, 2020.
Bada, M., Sasse, A.M., Nurse, J.R.C.: Cyber security awareness campaigns: why do they fail to change behaviour? CoRR abs/1901.02672 (2019). http://arxiv.org/abs/1901.02672
Bassett, G., Hylender, C.D., Langlois, P., Pinto, A., Widup, S.: Data breach investigations report (2020). https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf
Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements. In: Proceedings of the 24th IEEE International Conference on Requirements Engineering, RE 2016. IEEE Computer Society (2016). https://doi.org/10.1109/RE.2016.39
Beckers, K., Pape, S., Fries, V.: HATCH: hack and trick capricious humans - a serious game on social engineering. In: Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, 11–15 July 2016 (2016). https://ewic.bcs.org/content/ConWebDoc/56973
Beckers, K., Schosser, D., Pape, S., Schaab, P.: A structured comparison of social engineering intelligence gathering tools. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds.) TrustBus 2017. LNCS, vol. 10442, pp. 232–246. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64483-7_15
Denning, T., Lerner, A., Shostack, A., Kohno, T.: Control-alt-hack: the design and evaluation of a card game for computer security awareness and education. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 915–928 (2013)
Emergent Network Defense: Emergynt risk homepage. https://emergynt.com/risk-deck/
Frey, S., Rashid, A., Anthonysamy, P., Pinto-Albuquerque, M., Naqvi, S.A.: The good, the bad and the ugly: a study of security decisions in a cyber-physical systems game. IEEE Trans. Software Eng. 45(5), 521–536 (2017)
Goeke, L., Quintanar, A., Beckers, K., Pape, S.: PROTECT – an easy configurable serious game to train employees against social engineering attacks. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 156–171. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_11
Known Sense: Quer durch die Sicherheit game reference. http://www.known-sense.de/quer_durch_die_sicherheit_folder.pdf
Known Sense: Stadt Land HACK! homepage. http://www.known-sense.de/stadt_land_hack.pdf
Koshutanski, H., et al.: Threat-arrest platform’s initial reference architecture. Technical report, Threat-Arrest, Deliverable 1.3 (2019)
OWASP: Owasp snakes and ladders homepage (2013). https://owasp.org/www-project-snakes-and-ladders/
Rieb, A., Lechner, U.: Operation digital chameleon: towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration, pp. 1–10 (2016)
Saleh, T.: Covidlock update: deeper analysis of coronavirus android ransomware (2020). https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware
Schaab, P., Beckers, K., Pape, S.: A systematic gap analysis of social engineering defence mechanisms considering social psychology. In: 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, 19–21 July 2016, Proceedings (2016). https://www.cscan.org/openaccess/?paperid=301
Schaab, P., Beckers, K., Pape, S.: Social engineering defence mechanisms and counteracting training strategies. Inf. Comput. Secur. 25(2), 206–222 (2017). https://doi.org/10.1108/ICS-04-2017-0022
Acknowledgements
This work was supported by European Union’s Horizon 2020 research and innovation program from the project THREAT-ARREST (grant agreement number: 786890) and CyberSec4Europe (grant agreement number: 830929).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Pape, S., Goeke, L., Quintanar, A., Beckers, K. (2020). Conceptualization of a CyberSecurity Awareness Quiz. In: Hatzivasilis, G., Ioannidis, S. (eds) Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020. Lecture Notes in Computer Science(), vol 12512. Springer, Cham. https://doi.org/10.1007/978-3-030-62433-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-62433-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62432-3
Online ISBN: 978-3-030-62433-0
eBook Packages: Computer ScienceComputer Science (R0)