Using cyberspace to conduct business and personal duties has become ubiquitous in an interconnected society. The use of information technology has provided humanity with a platform to evolve and contribute to the advancement of society. However, a duality also exists within the realm of cyberspace, as shown by the expanding threats originating from cyber criminals who use the information superhighway for nefarious purposes. Companies usually invest large amounts of money in the implementation of hardware and software controls to deter and prevent attacks on assets within these establishments. For example, firewalls and anti-virus software are updated as threats evolve. In spite of these controls, the weakest link in this security chain is still the human element, whose actions can be considered erratic and unpredictable, thus posing a threat to the security of the organization. Security awareness programs aim to equip users of cyberspace with the necessary knowledge to identify and mitigate threats emanating from these platforms, including the Internet. Numerous security awareness frameworks exist which prescribe the required steps to design and implement an efficient and effective security awareness program. An understanding of the different steps is required to develop and customize such a program for a specific environment. Furthermore, different methods, which include training, newsletters and websites, are used to deliver the security awareness content to the participants. The nature of these methods could be ineffective and be considered mundane and strenuous by participants who do not always have a technical background in information technology, which, in turn, could threaten the success of the implemented program. Therefore, a proficient solution should be considered to attract and captivate a diverse group of employees when doing security awareness training.
Moreover, the effectiveness of these programs should be measured with the application of metrics defined within security awareness programs. This paper discusses the implementation and findings of a security awareness program. The aim of the security awareness program was to determine the effectiveness of using online gaming as an information security knowledge delivery method to enhance the efficacy of the participants' awareness to identify and mitigate threats encountered within cyberspace. Subsequently, the paper proposes improvements to the design of the security awareness program used during the study.
Reference:
Labuschagne, W.A. and Eloff, M.M. 2014. The effectiveness of online gaming as part of a security awareness program. In: 13th European Conference on Cyber Warfare and Security (ECCWS 2014), Piraeus, Greece, 3-4 July 2014. http://hdl.handle.net/10204/7616