A video game for cyber security training and awareness

Cone, Benjamin D.; Irvine, Cynthia E.; Thompson, Michael F.; Nguyen, Thuy D.

doi:10.1016/j.cose.2006.10.005

Cited by 181 publications

(105 citation statements)

References 10 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…[3] The game is extensible in that new CyberCIEGE scenarios tailored to specific audiences and topics are easily created. The scenario definition language expresses security-related risk management trade-offs to be developed for different scenarios.…”

Section: Basic Cyberciege Componentsmentioning

confidence: 99%

See 1 more Smart Citation

Simulation of PKI-enabled communication for identity management using CyberCIEGE

Irvine

Thompson²

2010

2010 - Milcom 2010 Military Communications Conference

View full text Add to dashboard Cite

Abstract-CyberCIEGE is a sophisticated network security simulation packaged as a video game and used by educators around the world to enhance information assurance education and training at universities, community colleges, within the DoD, and in other government agencies. The CyberCIEGE game engine was recently expanded to include Public Key Infrastructure (PKI) features including certification authorities, selection of installed roots and cross certification. CyberCIEGE Virtual Private Network (VPN) gateways, VPN clients and email clients were then extended to incorporate the new PKI features. CyberCIEGE PKI abstractions are described in terms of player configuration choices and the consequences of these choices on network management and vulnerabilities. The CyberCIEGE game engine modifications include modeling of chains of trust and risks of cross certification schemes. The benefits of these enhancements include coherent integration of identity management technologies, ranging from the human interface through to the supporting distributed infrastructure, into scenarios. Benefits also include support for recent new scenarios focused on the PKI infrastructure, identity management, or both; and the ability to tie both identity management and PKI to concepts of identification, authentication, provenance, and access control.

show abstract

Section: Basic Cyberciege Componentsmentioning

confidence: 99%

“…At the simple end of the spectrum, scenarios can be constructed to make students aware of the importance of strong passwords and the dangers of email attachments [3]. More complex scenarios teach students how to configure systems and networks, for example how to set up router filtering to support various policy objectives.…”

Section: Introductionmentioning

confidence: 99%

Simulation of PKI-enabled communication for identity management using CyberCIEGE

Irvine

Thompson²

2010

2010 - Milcom 2010 Military Communications Conference

View full text Add to dashboard Cite

show abstract

“…Formal Training S essions represent the traditional approach to user training and awareness [9]. It could be in form of a video, in person training or specialised online training.…”

Section: Common Current Training and Awareness Techniquesmentioning

confidence: 99%

“…There are a number of government-sponsored sites with tips, newsletters, resources and even videos for home users and small businesses 3. S trategic placement of awareness messages can raise the level of awareness through the delivery of the message by methods such as posters in public places, email messages, and media (TV adverts, newspapers) [9].…”

Section: Common Current Training and Awareness Techniquesmentioning

confidence: 99%

The urgent need for an enforced awareness programme to create internet security awareness in nigeria

Adelola

Dawson

Batmaz

2015

Proceedings of the 17th International Conference on Information Integration and Web-Based Applications &Amp; Services

View full text Add to dashboard Cite

“…Education is a core component of the defence-in-depth model and in the instance of semantic attacks relates to areas where technical security mechanisms have proven to be inadequate. Interactive training maximises learning and awareness, such as bite-size quizzes, tests or games [Kumaraguru 2009;Cone et al 2007;Arachchilage et al 2012;Sheng et al 2007], which when applied periodically provide education on the characteristics of different attack types. A large proportion of research into awareness training has focused on the approach of content, the methodology of its delivery and how data gathered from testing and formal application can be used to shape security policy and user training programmes [Kruger and Wayne 2006;Kirlappos and Sasse 2012].…”

Section: Organisationalmentioning

confidence: 99%

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

2015

View full text Add to dashboard Cite

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

show abstract

A video game for cyber security training and awareness

Cited by 181 publications

References 10 publications

Simulation of PKI-enabled communication for identity management using CyberCIEGE

Simulation of PKI-enabled communication for identity management using CyberCIEGE

The urgent need for an enforced awareness programme to create internet security awareness in nigeria

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Contact Info

Product

Resources

About