The gamification of cybersecurity training

Due to the rapidly and continued evolving nature of technology, there is a constant need to update police officers’ training in cyber security to ensure that the UK continues to be a secure place to live and do business. Rather than deliver traditional classroom-based training, our project assesses the effectiveness of the delivery of cyber security through the use of games based learning to simulate cybercrimes and provide training in incident response. The aim of our research is to transform the delivery of first responder training in tackling cybercrime.Through the use of a Game Jam and subsequent prototype development, we have trialed training materials that are based on serious games technology. The game poses a common incident reported to the police, for example the problem of a virtual person receiving offensive messages via Facebook and the training reflects the dialogue with that person and the technical steps to ensure that a copy of the evidence has been preserved for further investigation. Evaluation has been conducted with local police officers. Overall, this approach to the large-scale provision of training (potentially to a whole force) is shown to offer potential

Cybersecurity Awareness and Training (CAT) Framework for Remote Working Employees

Currently, cybersecurity plays an essential role in computing and information technology due to its direct effect on organizations’ critical assets and information. Cybersecurity is applied using integrity, availability, and confidentiality to protect organizational assets and information from various malicious attacks and vulnerabilities. The COVID-19 pandemic has generated different cybersecurity issues and challenges for businesses as employees have become accustomed to working from home. Firms are speeding up their digital transformation, making cybersecurity the current main concern. For software and hardware systems protection, organizations tend to spend an excessive amount of money procuring intrusion detection systems, antivirus software, antispyware software, and encryption mechanisms. However, these solutions are not enough, and organizations continue to suffer security risks due to the escalating list of security vulnerabilities during the COVID-19 pandemic. There is a thriving need to provide a cybersecurity awareness and training framework for remote working employees. The main objective of this research is to propose a CAT framework for cybersecurity awareness and training that will help organizations to evaluate and measure their employees’ capability in the cybersecurity domain. The proposed CAT framework will assist different organizations in effectively and efficiently managing security-related issues and challenges to protect their assets and critical information. The developed CAT framework consists of three key levels and twenty-five core practices. Case studies are conducted to evaluate the usefulness of the CAT framework in cybersecurity-based organizational settings in a real-world environment. The case studies’ results showed that the proposed CAT framework can identify employees’ capability levels and help train them to effectively overcome the cybersecurity issues and challenges faced by the organizations

The use of gamification on cybersecurity awareness of healthcare professionals

This work is partially financed by national funds through Concurso Interno de Projetos de Investigação, Desenvolvimento, Inovação e Criação Artística (ID&CA) from Polytechnical Institute of Lisbon under the project IPL/2022/HeCyGame_ESTeSL.Cybersecurity has a major impact on the healthcare sector, mainly due to the sensitive data and vital medical devices that, when an attack occurs, may compromise the patient's life, safety, and well-being. However, those institutions fail to implement correct system protection policies and provide adequate programs for cybersecurity training and raising cybersecurity awareness. Healthcare professionals develop their academic courses focusing on providing the best care for the patients, studying guidelines, treatment protocols, and diagnostic criteria. However, there are insufficient subjects dedicated to the development of digital literacy to match the requisites of the daily challenges of those professionals, with human error being the main cause of data breaches worldwide. So, developing training programs to face the cybersecurity day-to-day threats is mandatory. Broadly speaking, traditional training programs seem to fail to retain students’ motivation, engagement, and long-term knowledge acquisition, being time-consuming and challenging in scheduling and planning. To face this situation, new techniques, such as gamification, have emerged, with promising results on motivation and engagement, allowing the users to be the center of the training programs, matching the strategy to their levels of knowledge and preferences. This paper aims to identify the existing gamified approaches available, review the state-of-the-art related to gamification and cybersecurity training, and elaborate on how they can be successfully applied to training programs for healthcare professionals.info:eu-repo/semantics/publishedVersio

Gamificação aplicada à formação em cibersegurança de profissionais de saúde: uma prova de conceito

Mestrado em Gestão e Avaliação de Tecnologias em SaúdeIntrodução: O sector da saúde é fortemente afetado pelo cibercrime, com as principais técnicas de ataque a serem direcionadas para os utilizadores. Por isso, os profissionais de saúde têm um papel fundamental na minimização destes ataques, quando devidamente treinados. As estratégias de formação gamificada em cibersegurança têm resultados bastante positivos ao nível da aquisição e retenção de conhecimento, tendo vantagens ao nível da gestão dos recursos e do tempo. Objetivos: Descrever o estado da arte relacionado com o impacto da cibersegurança no sector da saúde e com a gamificação; identificar os componentes associados ao desenvolvimento de soluções de gamificação; comparar as plataformas de gamificação existentes; definir uma metodologia de gamificação adequada para a formação em cibersegurança de profissionais de saúde e desenvolver uma ferramenta de gamificação para a sensibilização em cibersegurança de profissionais de saúde. Metodologia: Desenvolveu-se uma metodologia de gamificação para a formação em cibersegurança dos profissionais de saúde. Foi igualmente desenvolvido um protótipo da estratégia de formação gamificada, específica para o setor da saúde, onde consta um piloto da aplicação (Health-Cy-Game). Resultados: Desenvolvimento do protótipo da estratégia de formação gamificada – Health-Cy-Game – de acordo com o perfil de conhecimentos estabelecido: conhecimento geral de tecnologia; autenticação e gestão de palavras-passe; técnicas de ciberataques dirigidas ao sector da saúde; gestão da informação; manutenção e atualização de software, e procedimentos e regulamentos em cibersegurança das instituições de saúde. Disposições finais: No setor da saúde, a cibersegurança deverá constituir uma preocupação central dos planos estratégicos de segurança e qualidade dos cuidados. Para atingir este estado de segurança, é preciso munir os utilizadores da tecnologia de conhecimento adequados. “Health-Cy-Game” foi construído tendo em conta o perfil de competências destes profissionais e as especificidades deste sector, de acordo com o Referencial de Competências e Conhecimentos do Centro Nacional de Cibersegurança e as escalas Risky Cybersecurity Behaviours Scale (RsCB) e Security Behaviour Intentions Scale (SeBIS).ABSTRACT - Introduction: The healthcare sector is heavily affected by cybercrime, with the majority of techniques used being addressed to its users. Health professionals have a key role in minimizing these attacks when properly trained. Gamified training strategies in cybersecurity have very positive results in terms of knowledge acquisition and retention, with advantages in terms of resources and time management. Objectives: To describe the state-of-the-art related to the impact of cybersecurity in the health sector and with gamification; identify the components associated with the development of gamification solutions; compare existing gamification platforms; define an appropriate gamification methodology for training health professionals in cybersecurity and develop a gamification tool to raise awareness of cybersecurity among health professionals. Methodology: A gamification methodology was developed for training health professionals in cybersecurity. A prototype of the gamified training strategy, specific for the health sector, was also developed, which contains a pilot application (Health-Cy-Game). Results: Development of the prototype of the gamified training strategy – Health-Cy-Game – according to the knowledge profile established: general knowledge of technology; authentication and password management; cyberattack techniques targeting the health sector; information management; maintenance and updating of software, and procedures and regulations in cybersecurity of health institutions. Final Provisions: In the healthcare sector, cybersecurity must be a central concern of strategic plans addressed to safety and quality of care. To achieve this state of security, it is necessary to provide adequate training to healthcare professionals. “Health-Cy-Game” was built taking into account the skills profile of these professionals and the specificities of this sector, in accordance with Centro Nacional de Cibersegurança’s roadmap “Competências e Conhecimentos”, the Risky Cybersecurity Behaviours Scale (RsCB) and Security Behaviour Intentions Scale (SeBIS).N/

Law Enforcement Officers’ Perceptions in Combating Cybercrime at the Local Level

Cybercrime has become one of the fastest-growing concerns for law enforcement agencies at the federal, state, and municipal levels. This qualitative case study examined the perceptions of nine law enforcement officers’ from Texas regarding combating cybercrime at the local level. The conceptual framework was based on the structural contingency theory and Porter and Lawler’s theory of motivation. Data collection consisted of semistructured interviews, where member-checking helped to enhance the trustworthiness. In addition, data gathered from interview transcripts were inductively coded and used to organize data into categories to determine the themes in the study. Most of the participants in this study perceived that law enforcement agencies were not equipped to take a more prominent role in cybercrime investigations because of the lack of experience and resources. Participants also provided recommendations to address cybercrime at the local level, including helping community members understand cybercrime threats while empowering the public to become safer and more secure during online activity. Finally, many of the participants suggested that creating multiple cybercrime task forces located in major cities throughout the United States could serve as a method of combating cybercrime at the local level. This study’s positive social change implications include providing information to law enforcement agencies about potential gaps in combating cybercrime at the local level, along with recommendations for more streamlined cybercrime training for law enforcement officers to increase officer efficiencies in cybercrimes

Measuring the Application of Knowledge Gained from the Gamification of Cybersecurity Training in Healthcare

Empirical data has consistently identified insider threat/user error as a leading cause of security breaches in the healthcare industry. To mitigate this, organizations often attempt to invest in technologies and the creation of new processes rather than focusing on more effective and innovative ways of educating and engaging the end users. This quantitative study compares the application of knowledge gained over time when educating healthcare professionals on proper procedures for handling sensitive data through the means of traditional versus gamification style training. The study utilized an experimental approach in order to test four hypotheses that compared the knowledge gained by healthcare professionals when administering different training techniques. The results of this research study suggest that gamification style training tailored toward security awareness could play an essential role in reducing the frequency of internal compromise within the healthcare industry. With the understanding that technology alone will not provide a sufficient safety net for managing human risk, healthcare providers should consider gamification as an option that can improve their cybersecurity infrastructure with minimal cost