Australian Information Security Management Conference
Document Type
Conference Proceeding
Publisher
Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia
Abstract
Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this firstly requires a means of getting the user’s attention. This paper presents details of an awarenessraising game that was developed in order to educate users in a more interactive way. A board game approach, combining reference material with themed multiple-choice questions, was implemented as an initial prototype, and evaluated with 21 users. The results suggested that the approach helped to increase players’ awareness of social engineering, with nobody scoring under 55% whilst playing the game, and 86% feeling they had improved their knowledge of the subjects involved.
DOI
10.4225/75/57b4004e30de7
Comments
7th Australian Information Security Management Conference, Perth, Western Australia, 1st to 3rd December 2009