Exploring a Board Game to Improve Cloud Security Training in Industry (Short Paper)

Zhao, Tiange; Gasiba, Tiago Espinha; Lechner, Ulrike; Pinto-Albuquerque, Maria

doi:10.4230/oasics.icpec.2021.11

Cited by 4 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Improving the current situation in terms of cyber security of cloud environments can be addressed through raising awareness surrounding the security of cloud deployments. This can be done through campaigns, either informative or structured as hands-on trainings [5,22].…”

Section: Discussionmentioning

confidence: 99%

A Large-Scale Study on the Security Vulnerabilities of Cloud Deployments

Iosif

Gasiba

Zhao

et al. 2022

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

As cloud deployments are becoming ubiquitous, the rapid adoption of this new paradigm may potentially bring additional cyber security issues. It is crucial that practitioners and researchers pose questions about the current state of cloud deployment security. By better understanding existing vulnerabilities, progress towards a more secure cloud can be accelerated. This is of paramount importance especially with more and more critical infrastructures moving to the cloud, where the consequences of a security incident can be significantly broader. This study presents a data-centric approach to security research -by using three static code analysis tools and scraping the internet for publicly available codebases, a footprint of the current state of open-source infrastructure-as-code repositories can be achieved. Out of the scraped 44485 repository links, the study is concentrated on 8256 repositories from the same cloud provider, across which 292538 security violations have been collected. Our contributions consist of: (1) understanding on existing security vulnerabilities of cloud deployments, (2) contributing a list of Top Guidelines for practitioners to follow to securely deploy systems in the cloud, (3) providing the raw data for further studies.

show abstract

Section: Discussionmentioning

confidence: 99%

A Large-Scale Study on the Security Vulnerabilities of Cloud Deployments

Iosif

Gasiba

Zhao

et al. 2022

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The results of individual games are discussed in separate publications; this work focuses on applying those serious games in the industry under hybrid work. More details about the game CATS are introduced in previous work [12,16,61,71].…”

Section: Game Events Organizedmentioning

confidence: 99%

Thriving in the era of hybrid work: Raising cybersecurity awareness using serious games in industry trainings

Zhao,

Gasiba,

Lechner

et al. 2024

Journal of Systems and Software

View full text Add to dashboard Cite

“…We first proposed our serious game Cloud of Assets and Threats (CATS) in our previous work [40]. To the best of our knowledge, CATS is currently the only serious game that focuses solely on raising awareness about different roles and responsibilities in secure cloud deployments.…”

Section: Overview Of Catsmentioning

confidence: 99%

CATS: A Serious Game in Industry Towards Stronger Cloud Security

Zhao

Lechner

Pinto-Albuquerque

et al. 2023

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Cloud computing has become a widely applied technology in the industry. Broad network access as a characteristic of cloud computing brings business value. It poses threats to cloud assets due to a greater attack surface than on-premises and other service models. Industry standards aim to regulate cloud security by enforcing best practices. To comply with the standards, practitioners in the industry are mandated to be trained to understand basic concepts of attack and defense mechanisms in cloud security to protect assets in the cloud. This work presents a serious game: Cloud of Assets and Threats (CATS), as an enrichment to the traditional training material to raise awareness about the cloud security challenges. In this paper, we introduce the design elements and implementation details of CATS. We organized eight game events with 94 industrial practitioners to validate our design. We applied a questionnaire and conducted semi-structured interviews with the game participants to evaluate the impact of the game and collect feedback. The evaluation indicates that CATS is a promising innovative method for promoting awareness of cloud security issues among practitioners in the industry, regardless of their technical background. Our main contributions are the design of such a game and the understanding of the impact of playing the CATS game in the industry.

show abstract

Exploring a Board Game to Improve Cloud Security Training in Industry (Short Paper)

Cited by 4 publications

References 0 publications

A Large-Scale Study on the Security Vulnerabilities of Cloud Deployments

A Large-Scale Study on the Security Vulnerabilities of Cloud Deployments

Thriving in the era of hybrid work: Raising cybersecurity awareness using serious games in industry trainings

CATS: A Serious Game in Industry Towards Stronger Cloud Security

Contact Info

Product

Resources

About