Design of cyber security awareness game
utilizing a social media framework
WA Labuschagne
N Veerasamy
I Burke
I Burke
UNISA
Pretoria, South Africa
CSIR
Pretoria, South Africa
CSIR
Pretoria, South Africa
CSIR
Pretoria, South Africa
In Information Security South Africa (ISSA), 2011
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Outline

Introduction

Motivation For Game Design

Requirements

Security Awareness Games

Design of Game

Future Work

Conclusions
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Introduction

To be aware of safe cyber practices

Not just technical staff, but all users

A number of universities now recommend providing security awareness
training and education components for students and staff

Home users could also benefit from cyber security awareness
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Motivation For Game Design

Directed Communication

One-directional communication


Pamphlets, emails, intranet pages, screen savers, posters, mouse pads,
pens, games, formal presentations and training sessions
Information Richness


Web
Three medias:



Hypermedia
Multimedia
Hypertext
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Determine the current knowledge level

Critical game component

Random set to be selected each time

An extensive database to prevent presenting the same questions

Ensure the topic is sufficiently
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

Weighting of the questions

The higher the weights, the harder the questions

More challenging

Progressively become more difficult

Create different levels
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

The use of practical data

The data should reflect real life scenarios

The knowledge acquired during the game could be applied in the current
environment

The relevance of the data should be applicable and disseminated into easy
interpretable knowledge fragments

The trends provide a list of threats
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

Tool should be automated

No intervention and supervision of humans

Computation has to be done by the system

Users will be guided by the system

Multiple users can play the game simultaneously

Social network allows multiple users to interact with the game
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

Game dynamics

Namely appointment

Influence and status

Progression

Communal discovery
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

Easy accessible

Resources located on a PC at home or within a private internal network are
not easily accessible

Using internet

Web browser

Mobile devices, such as smartphones
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

Effortless


A good interface provides the users with an experience which build trust
with the application, increase productivity and reduces erroneous use,
which frustrates the user
A list of critical factors:










Visibility of system status
Match between system and the real world
User control and freedom
Consistency and standards
Error prevention
Help users recognize, diagnose, and recover from errors
Recognition rather than recall
Flexibility and efficiency of use
Aesthetic and minimalist design
Help and documentation
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

A comprehensive database of questions

Weighting of the questions

The use of practical data

Tool should be automated

Game dynamics

Easy accessible

Effortless

Acceptance by the user
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Requirements

Acceptance by the user


The Technology Acceptance Model (TAM)

Perceived Usefulness (PU)

Perceived Ease of Use (PE)
Extended TAM Model to accommodate social networking sites

Perceived Usefulness (PU)

Perceived Ease of Use (PE)

Perceived Playfulness (PP)

Perceived Security (PS)
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Security Awareness Games

There are two games from the USA Department of Defense:


CyberCiege

Highly extensible game for teaching information assurance concepts

Runs on a standalone computer system
CyberProtect

With an interactive security experience

On-line game, but not use a social networking site.
* Both of the two games are designed for technical staffs
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Design of Game
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Design of Game
High-level view of game
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Design of Game
Mix of hypertext and multimedia
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Design of Game
Sample question and status
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Design of Game
Badge and achievements
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Future Work

A functional prototype that can be effectively used as part
of awareness program

Test more

Deploy the game in a social networking site environment
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Conclusions

Present the design of an online game which utilizes social
networking sites

Create awareness on cyber security topics by using a
virtual tool to educate and test users using a social
networking environment
Graduate Programs in Computer Science
http://www.cs.utsa.edu
Thank you!

Questions?
Graduate Programs in Computer Science
http://www.cs.utsa.edu