Gamification of Information Security Awareness Training

Francia, Guillermo A.; Thornton, David; Trifas, Monica; Bowden, Timothy J.

doi:10.1016/b978-0-12-411474-6.00005-0

Cited by 7 publications

(3 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When the literature is examined, it seen that gamification is used in many different areas including marketing [34,35], health [3,36], sustainability, journalism, entertainment [3] and education [3,[35][36][37][38]. Gamification is taken really seriously in countries which frequently use technology.…”

Section: Introductionmentioning

confidence: 99%

A Review of Research on Gamification Approach in Education

Kocakoyun¹,

Özdamlı²

2018

Socialization - A Multidimensional Perspective

View full text Add to dashboard Cite

Gamification has become the most popular topic of the last few years. Studies in gamification area are examined based on certain different criteria in this study and content analysis method was used in order to identify trends in this area. Web of Science were scanned through using gamification as keyword without year restriction. A total number of 313 studies were regarded as appropriate for the aim of the study and examined. It is seen that research in this area have begun in 2011 and increased every year. It is also seen that motivational theories are mostly preferred in the studies conducted in gamification area. It was determined that goal-duty, reward and progression sticks are the mostly used components as game components. It is seen that gamification applications are frequently preferred in virtual environment, simulation and augmented reality learning environments after mobile environments and in parallel with these, they are also preferred in learning areas such as public, service, food and health. Therefore, identifying different activities which could affect success in online environments, integrating these into education environment and provide these activities with theories appropriate for students' ages for them not to lose their motivation are essential.

show abstract

Section: Introductionmentioning

confidence: 99%

A Review of Research on Gamification Approach in Education

Kocakoyun¹,

Özdamlı²

2018

Socialization - A Multidimensional Perspective

View full text Add to dashboard Cite

show abstract

“…One potential way to continue to increase employees' 1) ability to detect and 2) motivation to report phishing emails might be through the gamification of the mock phishing campaign experience. The addition of gaming elements to non-gaming situations in this and other cyber-related contexts has been explored (Francia et al, 2014;Gjertsen et al, 2017;Emm, 2021;Khando et al, 2021). For example, gamification has demonstrated promise in the education of normal users regarding password security (Scholefield and Shepherd, 2019), and gamified systems can increase motivation to comply with security policy and reduce mock phishing failures, significantly outperforming training provided via email (Silic and Lowry, 2020).…”

Section: Background On Phishingmentioning

confidence: 99%

Phish Derby: Shoring the Human Shield Through Gamified Phishing Attacks

Canham¹,

Posey

Constantino

2022

Front. Educ.

View full text Add to dashboard Cite

To better understand employees’ reporting behaviors in relation to phishing emails, we gamified the phishing security awareness training process by creating and conducting a month-long “Phish Derby” competition at a large university in the U.S. The university’s Information Security Office challenged employees to prove they could detect phishing emails as part of the simulated phishing program currently in place. Employees volunteered to compete for prizes during this special event and were instructed to report suspicious emails as potential phishing attacks. Prior to the beginning of the competition, we collected demographics and data related to the concepts central to two theoretical foundations: the Big Five personality traits and goal orientation theory. We found several notable relationships between demographic variables and Phish Derby performance, which was operationalized from the number of phishing attacks reported and employee report speed. Several key findings emerged, including past performance on simulated phishing campaigns positively predicted Phish Derby performance; older participants performed better than their younger colleagues, but more educated participants performed poorer; and individuals who used a mix of PCs and Macs at work performed worse than those using a single platform. We also found that two of the Big Five personality dimensions, extraversion and agreeableness, were both associated with poorer performance in phishing detection and reporting. Likewise, individuals who were driven to perform well in the Phish Derby because they desired to learn from the experience (i.e., learning goal orientation) performed at a lower level than those driven by other goals. Interestingly, self-reported levels of computer skill and the perceived ability to detect phishing messages failed to exhibit a significant relationship with Phish Derby performance. We discuss these findings and describe how focusing on motivating the good in employee cyber behaviors is a necessary yet too often overlooked component in organizations whose training cyber cultures are rooted in employee click rates alone.

show abstract

“…They used visual metaphors like walls made from different materials for symbolizing password strength. The two games were self-explanatory and required only a short period of learning [20]. Additional work on educational games on phishing includes Anti-Phishing Phil by Sheng et al [35], and What.Hack by Wen et al [44].…”

Section: Deterding Et Al Analytically Defined the Term Asmentioning

confidence: 99%

"Get a Free Item Pack with Every Activation!" -- Do Incentives Increase the Adoption Rates of Two-Factor Authentication?

Busse,

Amft,

Hecker

et al. 2019

Preprint

View full text Add to dashboard Cite

Account security is an ongoing issue in practice. Two-Factor Authentication (2FA) is a mechanism which could help mitigate this problem, however adoption is not very high in most domains. Online gaming has adopted an interesting approach to drive adoption: Games offer small rewards such as visual modifications to the player's avatar's appearance, if players utilize 2FA. In this paper, we evaluate the effectiveness of these incentives and investigate how they can be applied to non-gaming contexts. We conducted two surveys, one recruiting gamers and one recruiting from a general population. In addition, we conducted three focus group interviews to evaluate various incentive designs for both, the gaming context and the non-gaming context. We found that visual modifications, which are the most popular type of gaming-related incentives, are not as popular in non-gaming contexts. However, our design explorations indicate that well-chosen incentives have the potential to lead to more users adopting 2FA, even outside of the gaming context.

show abstract

Gamification of Information Security Awareness Training

Cited by 7 publications

References 1 publication

A Review of Research on Gamification Approach in Education

A Review of Research on Gamification Approach in Education

Phish Derby: Shoring the Human Shield Through Gamified Phishing Attacks

"Get a Free Item Pack with Every Activation!" -- Do Incentives Increase the Adoption Rates of Two-Factor Authentication?

Contact Info

Product

Resources

About