PROTECT – An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks

Goeke, Ludger; Quintanar, Alejandro; Beckers, Kristian; Pape, Sebastian

doi:10.1007/978-3-030-42051-2_11

Cited by 8 publications

(9 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A serious game model includes information about the following two types of games: PROTECT [37] or Awareness Quiz [38]. Updates occurred only on the creation of the latter.…”

Section: Serious Gamementioning

confidence: 99%

“…Phishing and social engineering -Main lecture and educational material -Emulation of a virtual lab with an email phishing scenario and the use of OpenPGP software (Kleopatra) -Serious game for targeted social engineering on system administrators with the PROTECT game [37] The everlasting effects of social-engineering with a focus on phishing attacks, as well as email security authentication, integrity, and confidentiality.…”

Section: The Iot-enabled Smart Home Use Case 61 Outlinementioning

confidence: 99%

See 1 more Smart Citation

CYRA: A Model-Driven CYber Range Assurance Platform

et al. 2021

View full text Add to dashboard Cite

Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation.

show abstract

“…A serious game model includes information about the following two types of games: PROTECT [37] or Awareness Quiz [38]. Updates occurred only on the creation of the latter.…”

Section: Serious Gamementioning

confidence: 99%

Section: The Iot-enabled Smart Home Use Case 61 Outlinementioning

confidence: 99%

CYRA: A Model-Driven CYber Range Assurance Platform

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Some recent examples of SGs, such as 'Riskio' [25], 'CybAR' [2], 'AWATO' [18] and 'PROTECT' [21] look to provide innovation, incorporate new technologies, or tackle areas of knowledge that have seen little attention in this form. CybAR utilises augmented reality within a mobile application to increase awareness of different cyber attack forms.…”

Section: Related Workmentioning

confidence: 99%

SCIPS: A serious game using a guidance mechanic to scaffold effective training for cyber security

O’Connor

Hasshu

Bielby

et al. 2021

Information Sciences

View full text Add to dashboard Cite

“…THREAT-ARREST combines all modern training aspects of serious gaming [25,26], emulation and simulation in a concrete manner [27], and offers continuous security assurance and programme adaptation based on the trainee's performance and skills (Table 1). The platform [24] offers training on known and/or new advanced cyber-attack scenarios, taking different types of action against them, including: preparedness, detection and analysis, incident response, and post incident response actions.…”

Section: Modern Cyber-security Training Platformsmentioning

confidence: 99%

“…With this Tool, we can: (i) export the system's security vulnerabilities and threats, (ii) conduct a risk analysis to identify the most significant of them, and (iii) perform statistical analysis on the various system log-files in order to produce realistic synthetic logs (i.e., with the platform's Data Fabrication Tool). Afterwards, these logs are utilized by the CTTP models and can be processed by the Gamification, Emulation, and/or Simulation Tools [25][26][27].…”

Section: Teaching and Learning Strategiesmentioning

confidence: 99%

Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees

et al. 2020

View full text Add to dashboard Cite

Nowadays, more-and-more cyber-security training is emerging as an essential process for the lifelong personnel education in organizations, especially for those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people’s security awareness. Except from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target-group may range from simple users, who require basic knowledge on the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee’s needs, promoting the continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented.

show abstract

PROTECT – An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks

Cited by 8 publications

References 10 publications

CYRA: A Model-Driven CYber Range Assurance Platform

CYRA: A Model-Driven CYber Range Assurance Platform

SCIPS: A serious game using a guidance mechanic to scaffold effective training for cyber security

Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees

Contact Info

Product

Resources

About