Design and preliminary evaluation of a cyber Security Requirements Education Game (SREG)

Yasin, Affan; Liu, Lin; Li, Tong; Wang, Jianmin; Zowghi, Didar

doi:10.1016/j.infsof.2017.12.002

Cited by 58 publications

(56 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Accordingly, there has been a shift in thinking about the best ways of combating cybercrime to emphasise creating awareness and encouraging individuals to adopt better cybersecurity practices [31], including gamified approaches to educate users and improve their threat avoidance behaviour. Gamification shows promise as a technique to enhance the effectiveness of cybersecurity awareness programs, and several cybersecurity games have been developed to engage users better and change their behaviour to avoid cyberattacks [32].…”

Section: Literature Reviewmentioning

confidence: 99%

Design and Evaluation of an Augmented Reality Game for Cybersecurity Awareness (CybAR)

Alqahtani

Kavakli

2020

Information

View full text Add to dashboard Cite

The number of damaging cyberattacks is increasing exponentially due in part to lack of user awareness of risky online practices, such as visiting unsafe websites, ignoring warning messages, and communicating with unauthenticated entities. Although research has established the role that game-based learning can play in cognitive development and conceptual learning, relatively few serious mobile games have been developed to educate users about different forms of cyberattack and ways of avoiding them. This paper reports the development of an effective augmented reality (AR) game designed to increase cybersecurity awareness and knowledge in an active and entertaining way. The Cybersecurity Awareness using Augmented Reality (CybAR) game is an AR mobile application that teaches not only cybersecurity concepts, but also demonstrates the consequences of actual cybersecurity attacks through feedback. The design and evaluation of the application are described in detail. A survey was conducted to verify the effectiveness of the game received positive responses from 91 participants. The results indicate that CybAR is useful for players to develop an understanding of cybersecurity attacks and vulnerabilities.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Design and Evaluation of an Augmented Reality Game for Cybersecurity Awareness (CybAR)

Alqahtani

Kavakli

2020

Information

View full text Add to dashboard Cite

show abstract

“…For example, making internet not working for the target victim computer and further offer the victim to make it work. This will help him to introduce him/her as well as direct access to a computer to search and install what he/she wants Tailgating 16,26,27 In this type of attack, an attacker accesses the organization's premises without any legal identity just by following the authorized person of the organization…”

Section: Social Engineering Attacks References Explanationmentioning

confidence: 99%

“…Need & greed attack 16,27 In need and greed attack, the attacker first gathers information of the needs and greed for the victim and further uses this information to collect formation needed Direct approach 16,27 In this type of attack, an attacker directly approaches the victim to get the desired information Distraction approach 2,16 In this type of attack, an attacker involves in an activity to redirect victim's attention File masquerading 9 In File masquerading attack infected file is placed in the trusted folder. The victim when opens the folder will trust and execute the file without any fear…”

Section: Social Engineering Attacks References Explanationmentioning

confidence: 99%

“…Impersonation 1,3,13,14,16,24 In this type of attack, an attacker pretends to be another person. For example, attacker pretending to be a police officier or income tax officier Pretexting 8,16,25,27 In this type of attack, a fictional or hypothetical situation is created to get the desired information or data. For example, Victim has not paid income tax for his/her income for last many years Water holing 1,4,9,16,21,25 In this type of attack, attacker infects the most frequent website visited by the victim.…”

Section: Social Engineering Attacks References Explanationmentioning

confidence: 99%

See 1 more Smart Citation

Contemplating social engineering studies and attack scenarios: A review study

Yasin

Fatima

Liu

et al. 2019

Security and Privacy

Self Cite

View full text Add to dashboard Cite

The previous year has seen an enormous increase in the studies related to social engineering. This increase is partly due to increasing number of social engineering attacks and partly due to people's inability to identify the attack. Thus, it is of great importance to find solutions which are helpful for human to understand the social engineering attacks and scenarios. To address this, we have performed a literature review of studies (on social engineering) in top-notch journals and conferences. In this paper, we have enlisted the types of attacks, and the persuasion techniques used by social engineers as listed in the literature. We also combined different theories which researchers tried to use to explain various activities of social engineers. Furthermore, we have mentioned that a better understanding of the social engineering attack scenarios can be done using thematic and game-based analysis techniques.Preliminary empirical evaluation of the proposed game based method shows overall neutral results. Future extension and evaluation is needed for the proposed methods. K E Y W O R D Scybercrime, cyber-security, human factors, human-centered, information security, review, social engineering

show abstract

“…For example, in view of Pak Nejad et al (2014), data growth, technology expansion, and access to required resources can enhance the chances of cyber-risk. For other authors (e.g., Yasin, 2018), the increasing number of cyber threats and their associated costs have pressured many organizations to adopt the technology and use all possible tools and technologies in an attempt to protect its data and information from being hacked or stolen through the different means of technologies like software, programs, and risk management approaches. However, few studies have examined the effects of cyber-security on organizational internal process and the role of technological infrastructure in minimizing these effects.…”

Section: Introductionmentioning

confidence: 99%

Cyber-security effect on organizational internal process: mediating role of technological infrastructure

Kilani

2020

Problems and Perspectives in Management

View full text Add to dashboard Cite

Adopting the technologies among organizations comes with the continuous worries of protection and hacking. The idea of cyber-security has become over the years the main interest of many organizations, which depend on technologies in its operations, which requires them to pay extra attention to their technological infrastructure. The current study aims at examining the influence of cyber-security forces on organizational internal operations and the role of technological infrastructure in defining and controlling the level of protection that cyber-security has on organizational internal processes. Quantitative approach was adopted, and a questionnaire was utilized to collect the data from a convenient sample of 360 software engineers, network engineers, software testers, web developers, and technical support using a structured survey questionnaire, and analyzed using SPSS version 21. The results confirmed that cyber-security motivators (data growth, technology expansion, access to required resources, operational control, and technical control) indirectly affect solid internal processes that are attributed to the consistency of technological infrastructure in an organization. The variable of ‘data growth’ appeared to be the most influential motivator on cyber-security strategies, as it scored a mean of 4.2661, which is the highest among all adopted variables and followed by the variable of ‘technical control’, which scored a mean of 4.1296. Accordingly, the study recommends that organizations should consider IT infrastructure as a main item within their risk management strategies to avoid unpredicted risks and attacks.

show abstract

Design and preliminary evaluation of a cyber Security Requirements Education Game (SREG)

Cited by 58 publications

References 31 publications

Design and Evaluation of an Augmented Reality Game for Cybersecurity Awareness (CybAR)

Design and Evaluation of an Augmented Reality Game for Cybersecurity Awareness (CybAR)

Contemplating social engineering studies and attack scenarios: A review study

Cyber-security effect on organizational internal process: mediating role of technological infrastructure

Contact Info

Product

Resources

About