ConGISATA: A Framework for Continuous Gamified Information Security Awareness Training and Assessment

Ofir Cohen, Ron Bitton, Asaf Shabtai, Rami Puzis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The incidence of cybersecurity attacks utilizing social engineering techniques has increased. Such attacks exploit the fact that in every secure system, there is at least one individual with the means to access sensitive information. Since it is easier to deceive a person than it is to bypass the defense mechanisms in place, these types of attacks have gained popularity. This situation is exacerbated by the fact that people are more likely to take risks in their passive form, i.e., risks that arise due to the failure to perform an action. Passive risk has been identified as a significant threat to cybersecurity. To address these threats, there is a need to strengthen individuals’ information security awareness (ISA). Therefore, we developed ConGISATA - a continuous gamified ISA training and assessment framework based on embedded mobile sensors; a taxonomy for evaluating mobile users’ security awareness served as the basis for the sensors’ design. ConGISATA’s continuous and gradual training process enables users to learn from their real-life mistakes and adapt their behavior accordingly. ConGISATA aims to transform passive risk situations (as perceived by an individual) into active risk situations, as people tend to underestimate the potential impact of passive risks. Our evaluation of the proposed framework demonstrates its ability to improve individuals’ ISA, as assessed by the sensors and in simulations of common attack vectors.

Original languageAmerican English
Title of host publicationComputer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, 2023, Proceedings
EditorsGene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
PublisherSpringer Science and Business Media Deutschland GmbH
Pages431-451
Number of pages21
ISBN (Print)9783031514784
DOIs
StatePublished - 1 Jan 2024
Event28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands
Duration: 25 Sep 202329 Sep 2023

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14346 LNCS

Conference

Conference28th European Symposium on Research in Computer Security, ESORICS 2023
Country/TerritoryNetherlands
CityThe Hague
Period25/09/2329/09/23

Keywords

  • Cybersecurity Training
  • Gamification
  • Human Factors
  • Information Security Awareness
  • Mobile Devices
  • Social Engineering

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'ConGISATA: A Framework for Continuous Gamified Information Security Awareness Training and Assessment'. Together they form a unique fingerprint.

Cite this