Gamification of Information Security Awareness and Training

Sammendrag

Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification – i.e. using game mechanics – to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts and a workshop with regular employees at two companies. The prototype was tested by employees in a second workshop. Our results indicate that gamification has potential for use in SAT programs, in terms of potential strengths in areas where current SAT efforts are believed to fail. There are however significant pitfalls one must avoid when designing such applications, and more research is needed on long-term effects of a gamified SAT application.

Les publikasjonen

Kategori

Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

Oppdragsgiver

EU / 360:699306

Språk

Engelsk

Forfatter(e)

Eyvind Gaarder Bull Gjertsen
Erlend Andreas Gjære
Maria Bartnes
Waldo Rocha Flores

Institusjon(er)

Norges teknisk-naturvitenskapelige universitet
SINTEF Digital / Software Engineering, Safety and Security
SINTEF Konsernstab
Ernst & Young

År

2017

Forlag

SciTePress

Bok

Proceedings of the 3rd International Conference on Information Systems Security and Privacy, Porto, Portugal, 19 - 21 February, 2017

ISBN

978-989-758-209-7

Side(r)

59 - 70

DOI

https://doi.org/10.5220/0006128500590070

Les fulltekst

https://hdl.handle.net/11250/2462736

Vis denne publikasjonen hos Cristin

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss