Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

We're All Winners--Gamification and Security Awareness

66 visualizaciones

Publicado el

Many experts agree that engaged learners have better retention. Security Awareness programs are often seen only in the context of the information we provide to our audiences. Annual compliance training may not lead to changed behavior. What can we do differently? What does gamification mean for security awareness training and communication.
The presenter will discuss opportunities to introduce gamification into security awareness activities. He'll share from specific gamification initiatives undertaken at the Rochester Institute of Technology to increase user awareness. These activities include the development of a Digital Self Defense Dojo, an escape room, and positively-reinforced simulated phishing exercises.

Publicado en: Educación
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

We're All Winners--Gamification and Security Awareness

  1. 1. © 2019 Ben Woelk https://youtu.be/cRTaksvIpUg
  2. 2. © 2019 Ben Woelk What is Gamification?
  3. 3. © 2019 Ben Woelk Why Gamify Security Awareness?
  4. 4. © 2019 Ben Woelk Changing the Culture Build strong roots
  5. 5. © 2019 Ben Woelk Build on Foundation •DSD classes •Monthly topics •Social media •Leverage events
  6. 6. © 2019 Ben Woelk Inspiration
  7. 7. © 2019 Ben Woelk DSD Dojo
  8. 8. © 2019 Ben Woelk Digital Self Defense (DSD) Dojo
  9. 9. © 2019 Ben Woelk Dojo Goals •Socialize best practices •Increase training participation
  10. 10. © 2019 Ben Woelk Structure •Badges and Belts •Website •Physical Badges •Gift Cards
  11. 11. © 2019 Ben Woelk
  12. 12. © 2019 Ben Woelk Escape Room
  13. 13. © 2019 Ben Woelk Goals •Leverage escape room popularity •Educate about phishing •Educate about passphrases
  14. 14. © 2019 Ben Woelk Structure •Portable •7 Puzzles •Various locks •USB drive •Fishing game •Email samples
  15. 15. © 2019 Ben Woelk Self Phishing
  16. 16. © 2019 Ben Woelk  Improve end user recognition of phishes  Improve timeliness of reporting  Improve baseline detection rate by 25% • For example, 70% detection rate to 87.5%, NOT 70% to 95% Goals
  17. 17. © 2019 Ben Woelk Guiding Principles  Self Phishing  Positive Experience  Non punitive  Anonymized results 18
  18. 18. © 2019 Ben Woelk
  19. 19. © 2019 Ben Woelk Phish Handling Communications
  20. 20. © 2019 Ben Woelk PhishBowl
  21. 21. © 2019 Ben Woelk Phishing Program Structure  Initial Announcement  Division/Department  3 and 1  Follow up presentations
  22. 22. © 2019 Ben Woelk Reporting Results • Ignored • Reported • Reported in First Minute 2018 12 Delivery 2018 12 File 2018 12 Maintena nce 2019 02 Order 2019 03 Credit 2019 03 Gloogle Doc All 2019 03 Quarentin e 2019 04 Red Light ALL 2019 05 Office 365 Invoice ALL 2019 06 Mailbox Full All 2019 07 Ransomw are All F&A Average Ignored 94% 100% 99% 92% 97% 99% 99% 96% 94% 91% 99% 91% Reported 18% 24% 19% 35% 35% 12% 25% 36% 8% 30% 4% 14% Reported in First Minute 14% 18% 12% 16% 14% 12% 10% 10% 8% 11% 4% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Phishing (by template) Ignored Reported Reported in First Minute
  23. 23. © 2019 Ben Woelk Phish First-minute reports First-minute report rate Reported Report Rate Ignored Ignore Rate 2019 03 Credit 15 14% 37 35% 102 97% 2019 03 Gloogle Doc All 12 12% 12 12% 101 99% 2019 03 Quarantine 10 10% 26 25% 104 99% Sample Department Results
  24. 24. © 2019 Ben Woelk
  25. 25. © 2019 Ben Woelk New Student Orientation
  26. 26. © 2019 Ben Woelk
  27. 27. © 2019 Ben Woelk and…
  28. 28. © 2019 Ben Woelk
  29. 29. © 2019 Ben Woelk Snapchat Filters and Geofencing
  30. 30. © 2019 Ben Woelk
  31. 31. © 2019 Ben Woelk Discussion •Should you gamify? •What would you gamify? •What would you not gamify?
  32. 32. © 2019 Ben Woelk Ben.woelk@rit.edu www.rit.edu/Security 34
  33. 33. © 2019 Ben Woelk References• Jessica Barker, "The Human Nature of Cybersecurity," EDUCAUSE Review, May 20, 2019. • Julianne Basinger, A Campus Culture of Cybersecurity, (Washington DC: The Chronicle of Higher Education, 2019). • Valerie Vogel, "Security Awareness Made Simple: 2019 Security Awareness Campaign Materials," Security Matters (blog), EDUCAUSE Review, December 17, 2018. • Ben Woelk, "Building a Culture of Digital Self Defense," Security Matters (blog), EDUCAUSE Review, September 20, 2016. • Ben Woelk, “Wind, Trees, and Security Awareness" Security Matters (blog), EDUCAUSE Review, September 13, 2019.

×