Gamification of Information Security Awareness and Training

Eyvind Garder B. Gjertsen; Erlend Andreas Gjære; Maria Bartnes; Waldo Rocha Flores

doi:10.5220/0006128500590070

Gamification of Information Security Awareness and Training

Eyvind Garder B. Gjertsen, Erlend Andreas Gjære, Maria Bartnes, Waldo Rocha Flores

2017

Abstract

Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification – i.e. using game mechanics – to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts and a workshop with regular employees at two companies. The prototype was tested by employees in a second workshop. Our results indicate that gamification has potential for use in SAT programs, in terms of potential strengths in areas where current SAT efforts are believed to fail. There are however significant pitfalls one must avoid when designing such applications, and more research is needed on long-term effects of a gamified SAT application.

Download

Paper Citation

in Harvard Style

Gjertsen E., Gjære E., Bartnes M. and Flores W. (2017). Gamification of Information Security Awareness and Training . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 59-70. DOI: 10.5220/0006128500590070

in Bibtex Style

@conference{icissp17,
author={Eyvind Garder B. Gjertsen and Erlend Andreas Gjære and Maria Bartnes and Waldo Rocha Flores},
title={Gamification of Information Security Awareness and Training},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={59-70},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006128500590070},
isbn={978-989-758-209-7},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Gamification of Information Security Awareness and Training
SN - 978-989-758-209-7
AU - Gjertsen E.
AU - Gjære E.
AU - Bartnes M.
AU - Flores W.
PY - 2017
SP - 59
EP - 70
DO - 10.5220/0006128500590070