2 research outputs found
Recommended from our members
Security awareness of computer users: A game based learning approach
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The research reported in this thesis focuses on developing a framework for game design to protect computer users against phishing attacks. A comprehensive literature review was conducted to understand the research domain, support the proposed research work and identify the research gap to fulfil the contribution to knowledge. Two studies and one theoretical design were carried out to achieve the aim of this research reported in this thesis. A quantitative approach was used in the first study while engaging both quantitative and qualitative approaches in the second study. The first study reported in this thesis was focused to investigate the key elements that should be addressed in the game design framework to avoid phishing attacks. The proposed game design framework was aimed to enhance the user avoidance behaviour through motivation to thwart phishing attack. The results of this study revealed that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived severity and perceived susceptibility elements should be incorporated into the game design framework for computer users to avoid phishing attacks through their motivation. The theoretical design approach was focused on designing a mobile game to educate computer users against phishing attacks. The elements of the framework were addressed in the mobile game design context. The main objective of the proposed mobile game design was to teach users how to identify phishing website addresses (URLs), which is one of many ways of identifying a phishing attack. The mobile game prototype was developed using MIT App inventor emulator. In the second study, the formulated game design framework was evaluated through the deployed mobile game prototype on a HTC One X touch screen smart phone. Then a discussion is reported in this thesis investigating the effectiveness of the developed mobile game prototype compared to traditional online learning to thwart phishing threats. Finally, the research reported in this thesis found that the mobile game is somewhat effective in enhancing the user’s phishing awareness. It also revealed that the participants who played the mobile game were better able to identify fraudulent websites compared to the participants who read the website without any training. Therefore, the research reported in this thesis determined that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived threat and perceived susceptibility elements have a significant impact on avoidance behaviour through motivation to thwart phishing attacks as addressed in the game design framework
Evaluation and Enhancement of Public Cyber Security Awareness
With the spread of the Internet and the technology, Cyberspace has become the life of everyone, which requires them to be aware of the threats of it. Also, to be prepared with the speed of the technology, whether electronic payment, social life, leisure work IOTŘŚ and everything. However, in spite of increasing security practices there has been a rise in the cyber security threats and attacks. As the life is becoming more and more dependent on the technology, the need for cyber security awareness has become an important activity that need to be practiced in order to be safe and secure from the increasing cyber threats. Considering these factors, this thesis focuses on developing and implementing the two cyber security awareness games, mainly Password Protector and Malware Guardian. As cyber security is a vast area and requires various secure practices that need to be adopted the scope of the study is limited to password security and malware protection.
Saudi Arabia is one of the fastest developing countries which has observed a tremendous increase in the use of internet and technology services and also the mobile devices for accessing various services. However, this adoption of technology is relatively new to the larger section, and the security practices that need to followed, may not be fully recognised by the population. Considering these developments, Saudi Arabia is used as the study location for implementing and evaluating the games. Initially a pilot study using a questionnaire based survey is conducted for understanding the level of cyber security awareness relating to the cyber security practices in Saudi Arabia. The results analysed from the study reflected poor understanding and awareness about password protection and malware concepts among the population. One of the interesting aspects identified from the pilot study is that most of the participants preferred mobile based application for generating cyber security awareness.
Accordingly, two mobile games are developed. In order to evaluate the impact of the games, a pre-study test was carried out using an online survey questionnaire to record the understanding of passwords and malware among the participants. Then the mobile games Password Protector and Malware Guardian were distributed to the participants using the download link. The participants used the games for three weeks, and then undertook the same survey that was used before playing the game. The impact of the games is then analysed by comparing the changes in the awareness levels of the participants after using the games. The results from the study were found to be having positive impact as the awareness levels have increased significantly among the participants. Participants ability to create a strong and complex password has been improved significantly after playing the Password Protection game. Similarly, participants awareness levels about the malware threats and the safety measures that need to be taken such as backup, installing anti-malware software, updates etc. was improved significantly after using the Malware Guardian game. The overall findings were discussed, analysed and correlated with influencing factors and explained in this study. Accordingly, this study has found that the gamification can significantly enhance cyber security awareness