Kris Heid
ABSTRACT
Smartphones are more and more included into our personal and business environment. A data leakage of personal data violates our privacy, leaked business data might even mean a huge financial loss. Thus, many companies provide IT-security training to their employers. Classic security workshops are often considered old-fashioned and boring. Thus, this work presents a novel, continuous mobile security training concept. This concept provides mechanism to generate game data based on automated IT-security analysis of installed apps on the user's smartphone. Thus, raising personal concern through revealing vulnerabilities of the user's own work environment. We also increase the user engagement through the identification of new game mechanisms such as multi-player and rewards through badges, levels or experience points.
- Appannie. 2017. Spotlight on Consumer App Usage. http://files.appannie.com.s3.amazonaws.com/reports/1705_Report_Consumer_App_Usage_EN.pdfGoogle Scholar
- P. Backlund and M. Hendrix. 2013. Educational games - Are they worth the effort? A literature survey of the effectiveness of serious games, In 2013 5th International Conference on Games and Virtual Worlds for Serious Applications (VS-GAMES). Games and Virtual Worlds for Serious Applications (VS-GAMES 2013) 5, 1--8. https://doi.org/10.1109/VS-GAMES.2013.6624226Google ScholarCross Ref
- IBM Corporation. 2014. Cyber Security Intelligence Index. Technical Report. IBM Corporation. https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/IBMSecurityServices2014.PDFGoogle Scholar
- C. Fellbaum and G.A. Miller. 1998. WordNet: An Electronic Lexical Database. MIT Press. https://books.google.de/books?id=Rehu8OOzMIMCGoogle Scholar
- Christopher Cunningham Gabe Zichermann. 2011. Gamification by Design, Implementing Game Mechanics in Web and Mobile Apps. O'Reilly Media.Google Scholar
- Jens Heider. 2020. Appicaptor. Fraunhofer SIT. https://www.sit.fraunhofer.de/en/appicaptor/Google Scholar
- Ryan J. Baxter, Darin Holderness, and David Wood. 2015. Applying Basic Gamification Techniques to IT Compliance Training: Evidence from the Lab and Field. Journal of Information Systems 30 (11 2015). https://doi.org/10.2308/isys-51341Google Scholar
- Kaspersky. 2000. KIPS: Kaspersky Interactive Protection Simulation. Kaspersky. Retrieved June 7, 2006 from https://media.kaspersky.com/en/business-security/enterprise/KL_SA_KIPS_overview_A4_Eng_web.pdfGoogle Scholar
- Kaspersky. 2017. The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within. Kaspersky. https://www.kaspersky.com/blog/the-human-factor-in-it-security/Google Scholar
- William Aubrey Labuschagne and Mariki Eloff. 2014. The effectiveness of online gaming as part of a security awareness program. In 13th European Conference on Cyber Warfare and Security ECCWS-2014 The University of Piraeus Piraeus, Greece. 125.Google Scholar
- Trend Micro. 2015. The Fugle. http://targetedattacks.trendmicro.com/about-the-game.htmlGoogle Scholar
- Scott Nicholson. 2015. A RECIPE for Meaningful Gamification. Springer, Cham, 1--20. https://doi.org/10.1007/978-3-319-10208-5_1Google Scholar
- E. D. Oroszi. 2019. Security awareness escape room - a possible new method in improving security awareness of users. In 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). 1--4.Google ScholarCross Ref
- Andreas Papasalouros, Konstantinos Kanaris, and Konstantinos Kotis. 2008. Automatic Generation Of Multiple Choice Questions From Domain Ontologies.. In e-Learning. Citeseer, 427--434.Google Scholar
- PricewaterhouseCoopers. 2014. Key Findings from the 2014 US State of Cybercrime Survey. Technical Report. CERT Division of the Software Engineering Institute. https://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdfGoogle Scholar
- PricewaterhouseCoopers. 2020. Game of Threats. https://www.pwc.co.uk/issues/cyber-security-data-privacy/services/game-of-threats.htmlGoogle Scholar
- Naval Postgraduate School. 2020. CyberCIEGE. https://my.nps.edu/web/c3o/cyberciegeGoogle Scholar
- Z Cliffe Schreuders and EM Butterfield. 2016. Gamification for teaching and learning computer security in higher education. In 2016 USENIX Workshop on Advances in Security Education (ASE 16). USENIX Association.Google Scholar
- David Thornton and G Francia. 2014. Gamification of information systems and security training: Issues and case studies. Information Security Education Journal 1, 1 (2014), 16--24.Google Scholar
Index Terms
Raising Security Awareness on Mobile Systems through Gamification
Recommendations
New mutual agreement protocol to secure mobile RFID-enabled devices
AbstractThe design of a secure communication scheme for Radio Frequency IDentification (RFID) systems has been extensively studied in recent years in view of the awareness of individual privacy and the requirement of robust system security. ...
RFID system with fairness within the framework of security and privacy
ESAS'05: Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor NetworksRadio Frequency Identification (RFID) systems are expected to be widely deployed in automated identification and supply-chain applications. Although RFID systems have several advantages, the technology may also create new threats to user privacy. In ...
Exploring Employee Perspectives on Information Privacy and Security in the Mobile Environment
Proceedings of the Symposium on Human Interface 2009 on ConferenceUniversal Access in Human-Computer Interaction. Part I: Held as Part of HCI International 2009Maintaining information privacy and security in the mobile environment, an issue having personal and organizational implications, remains a challenge because the context of a mobile device can change rapidly. In response to this, the authors have been ...
Comments