Australian Information Security Management Conference

Document Type

Conference Proceeding


Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 7th Australian Information Security Management Conference, Perth, Western Australia, 1st to 3rd December 2009


Social engineering is now a major threat to users and systems in the online context, and it is therefore vital to educate potential victims in order to reduce their susceptibility to the related attacks. However, as with other aspects of security education, this firstly requires a means of getting the user’s attention. This paper presents details of an awarenessraising game that was developed in order to educate users in a more interactive way. A board game approach, combining reference material with themed multiple-choice questions, was implemented as an initial prototype, and evaluated with 21 users. The results suggested that the approach helped to increase players’ awareness of social engineering, with nobody scoring under 55% whilst playing the game, and 86% feeling they had improved their knowledge of the subjects involved.