CYBERCIEGE VIDEOS: FROM ENGLISH TO SPANISH; VÍDEOS DE CYBERCIEGE: DEL INGLÉS AL ESPAÑOL

CyberCIEGE, a video game developed by the Naval Postgraduate School, supports cybersecurity awareness and education. A set of popular educational movies accompanies the game. The CyberCIEGE video collection was initially developed in English, thus limiting the diversity of its user population. In addition, the video format of the original movies (SWF) is being phased out due to security concerns associated with SWF video players. This capstone addresses the need for increased diversity of those familiar with cybersecurity basics by further introducing the Spanish-speaking community to 21st-century cybersecurity concepts. The CyberCIEGE movies were translated into Spanish to reach a broader audience while retaining the technical meaning of the concepts discussed. To contain costs, we demonstrate that it is possible to use open-source tools freely available for the Linux Operating System platform to produce reliable movies in both English and Spanish for web streaming. Recordings were created with Audacity and integrated as separate tracks to each corresponding movie via OpenShot. Afterward, the movies were exported to the MP4 file format for web streaming. In addition, the original English language movies were directly converted to MP4 file format via OpenShot. Detailed documentation ensures the repeatability of our processes. This work has increased the longevity of the CyberCIEGE video collection while expanding its viewership to a larger, more diverse audience.Chief Petty Officer, United States NavyApproved for public release. Distribution is unlimited

A cyberciege traffic analysis extension for teaching network security

CyberCIEGE is an interactive game simulating realistic scenarios that teaches the players Information Assurance (IA) concepts. The existing game scenarios only provide a high-level abstraction of the networked environment, e.g., nodes do not have Internet protocol (IP) addresses or belong to proper subnets, and there is no packet-level network simulation. This research explored endowing the game with network level traffic analysis, and implementing a game scenario to take advantage of this new capability. Traffic analysis is presented to players in a format similar to existing tools such that learned skills may be easily transferred to future real-world situations. A network traffic analysis tool simulation within CyberCIEGE was developed and this new tool provides the player with traffic analysis capability. Using existing taxonomies of cyber-attacks, the research identified a subset of network-based attacks most amenable to modeling and representation within CyberCIEGE. From the attacks identified, a complementary CyberCIEGE scenario was developed to provide the player with new educational opportunities for network analysis and threat identification. From the attack scenario, players also learn about the effects of these cyber-attacks and glean a more informed understanding of appropriate mitigation measures.http://archive.org/details/acyberciegetraff109451057

Game based cyber security training: are serious games suitable for cyber security training?

Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change and role play games, are already used by security professionals. Thus cyber security seems especially well-suited to Serious Games. This paper investigates whether games can be effective cyber security training tools. The study is conducted by means of a structured literature review supplemented with a general web search. While there are early positive indications there is not yet enough evidence to draw any definite conclusions. There is a clear gap in target audience with almost all products and studies targeting the general public and very little attention given to IT professionals and managers. The products and studies also mostly work over a short period, while it is known that short-term interventions are not particularly effective at affecting behavioural change

Broadening Information Assurance Awareness by Gaming

Abstrac

Serious Games for IT-Security Education

In recent years, the notion of gamification has gained some interest within the scientific community. Gamification denotes the use of typical gaming mechanisms, like collecting points, reaching different levels or gaining a spot on a highscore list, in a non-gaming related context. One of the most important application areas of gamification is education, e. g. learning a foreign language or basic arithmetics. There have been, however, few attempts to use games for IT-Security education. The present paper will review the existing approaches in this area, present a serious game that has been produced at Stuttgart Media University on behalf of the swiss bank UBS, and will provide an outlook on planned further activities in this area

Cyber Space Odyssey: A Competitive, Team-Oriented Serious Game in Computer Networking

Cyber Space Odyssey (CSO) is a novel serious game supporting computer networking education by engaging students in a race to successfully perform various cybersecurity tasks in order to collect clues and solve a puzzle in virtual near-Earth 3D space. Each team interacts with the game server through a dedicated client presenting a multimodal interface, using a game controller for navigation and various desktop computer networking tools of the trade for cybersecurity tasks on the game\u27s physical network. Specifically, teams connect to wireless access points, use packet monitors to intercept network traffic, decrypt and reverse engineer that traffic, craft well-formed and meaningful responses, and transmit those responses. Successful completion of these physical network actions to solve a sequence of increasingly complex problems is necessary to progress through the virtual, story-driven adventure. Use of the networking tools reinforces networking theory and offers hands-on practical training requisite for today\u27s cyberoperators. This paper presents the learning outcomes targeted by a classroom intervention based on CSO, the design and implementation of the game, a pedagogical overview of the overall intervention, and four years of quantitative and qualitative data assessing its effectiveness

CyberEscape Approach to Advancing Hard and Soft Skills in Cybersecurity Education

Incorporating gamification elements and innovative approaches in training and educational programs are promising for addressing cybersecurity knowledge gaps. Cybersecurity training should consider a combination of hard and soft skills to deal with the diversity of cyber incidents. Therefore, this research aims to investigate if soft skills such as communication and collaboration enhances students’ performance in practical task execution and if the CyberEscape approach promotes students engagement and self-efficacy. This paper presents a cybersecurity game CyberEscape based on the intervention mapping methodology previously defined in the research. A virtualised infrastructure simulating the business environment works as a hybrid escape room. Physical resources and prepared information materials complement the game to support the scenario and ensure student engagement. The work employs a multiple-methods research approach. Participants filled out questionnaires in the pre-event and post-execution phases. Additionally, the participants were involved in small group semistructured interviews. Results of the pilot study show a positive impact on student competence improvement and increased interest in cybersecurity.acceptedVersio

Gamification of Cyber Security Awareness : A Systematic Review of Games

The frequency and severity of cyber-attacks have increased over the years with damaging consequences such as financial loss, reputational damage, and loss of sensitive data. Most of these attacks can be attributed to user error. To minimize these errors, cyber security awareness training is conducted to improve user awareness. Cyber security awareness training that is engaging, fun, and motivating is required to ensure that the awareness message gets through to users. Gamification is one such method by which cyber security awareness training can be made fun, engaging, and motivating. This thesis presents the state of the art of games used in cyber security awareness. In this regard, a systematic review of games following PRISMA guidelines was conducted on the relevant papers published between 2010 to 2021. The games were analyzed based on their purpose, cyber security topics taught, target audience, deployment methods, game genres implemented and learning mechanics applied. Analysis of these games revealed that cyber security awareness games are mostly deployed as computer games, targeted at the general public to create awareness in a wide range of cyber security topics. Most of the games implement the role-playing genre and apply demonstration learning mechanics to deliver their cyber security awareness message effectively

Preparing UK students for the workplace: The Acceptability of a Gamified Cybersecurity Training

This pilot study aims to assess the acceptability of Open University’s training platform called Gamified Intelligent Cyber Aptitude and Skills Training course (GICAST), as a means of improving cybersecurity knowledge, attitudes, and behaviours in undergraduate students using both quantitative and qualitative methods. A mixed-methods, pre-post experimental design was employed. 43 self-selected participants were recruited via an online register and posters at the university (excluding IT related courses). Participants completed the Human Aspects of Information Security Questionnaire (HAIS-Q) and Fear of Missing Out (FoMO) Scale. They then completed all games and quizzes in the GICAST course before repeating the HAIS-Q and FoMO scales as well as several open-ended questions. Pre-training HAIS-Q Knowledge, Attitude and Behaviour all improved from ‘reasonable’ pre-training levels to become ‘very high’ following training with large effect sizes estimated. FoMO improved to a lesser degree but also predicted the degree of HAIS-Q improvement suggesting it is relevant to the impact of this training course. Qualitatively, five key themes were generated: enjoyment, engagement, usability of GICAST, content relevance, and perceived educational efficacy. Overall, sentiment towards training was very positive as an enjoyable engaging and usable course. GICAST was found to be a feasible course for a wide range of students at a UK university: overall the training improved cyber-security awareness on a well validated measure with outcomes comparable to information-security-trained employees of a secure workplace. Despite a diversity of views about content, the course appears to be well suited to the non-IT undergraduate sector and may suit wide uptake to enhance students’ employability in a wide range of cybersecurity relevant contexts