C14: Cybersecurity awareness … and how to make it fun

Back to Courses' Program

Tuesday, 28 July, 08:30 - 12:30 EDT (Eastern Daylight Time - Canada)

Prof. Steven Furnell (short bio)
University of Nottingham, UK
steven.furnell@nottingham.ac.uk

Modality

on-site

Room: TBA

Target Audience

Researchers/academics, students, professionals, and industry practitioners interested in guidance on supporting cybersecurity awareness

Requirements for participants

Use of laptop or tablet, with web access and use of notes / word-processing software may be useful

Abstract

While cybersecurity awareness is important for all users of digital technology, in both personal and workplace contexts, we are far from achieving a common baseline of cyber literacy. Part of the problem is how the topic is often introduced and presented to the target audience, with the most common approaches requiring users to read or watch something (possibly with a small quiz element) after which they are considered to have been ‘trained’. The result is typically that their awareness is raised briefly, but their accompanying interest and engagement with the topic may not have changed.  Moreover, these effects are likely to be transient, with little potential to lead to longer-term impacts upon cybersecurity behaviour or culture. 

This course examines the need for cybersecurity awareness and the challenges of achieving it via traditional methods.  It begins by looking the general issues that ought to be covered to achieve cybersecurity literacy, and the extent to which providing such awareness is pursued in comparison to other aspects of security. The discussion then proceeds to look at means of enhancing engagement via gamification, with a focus on approaches that have been attempted in both online and physical formats. With the latter in mind, a significant hands-on element will then involve participants in playing an awareness-raising game, Cyber Defence Dice, which is intended as a means of introducing basic cyber threats and safeguards in an engaging manner. Following on from playing and reflecting upon the game, the final part of the course will then highlight the need to take things beyond simply raising awareness, considering how experiential learning and reinforcement are relevant in influencing how people actually behave with cybersecurity, and how this in turn affects the wider culture within which they operate.

Benefits for attendees

  • Understanding the core elements of cybersecurity literacy for users.
  • Recognising the need for user awareness-raising and the constraints of traditional approaches.
  • Appreciating the value of gamification as a provocation of interest in cybersecurity.
  • Gaining hands-on experience of an awareness-raising game, which may then be used in other contexts.

Attendees will emerge with a better appreciation of the importance of cybersecurity literacy for end-users and the elements that need to be considered for this to be effective in practice. 

Course Content

The main themes covered through the course will proceed as follows (indicative timings are given for the duration of each segment, with a further 30 minutes then being added for a break).

The awareness challenge (1 hour)

  • Introducing the focus and aims of the session.
  • Why we need cyber awareness and why it’s often a challenge to do it.
  • Topics needed for basic cyber literacy.
  • The need to engage people - related vulnerabilities and breaches.
  • User attitudes and perceptions.

Gamifying cyber awareness (45 mins)

  • Examining attempts that have been made to make cyber security awareness and training more engaging.

Cyber Defence Dice (1 hour)

  • A structured playtest of an awareness-raising game.
  • Reflection on the experience and discussion of how it could be used in practice.

Beyond awareness (45 mins)

  • Highlighting the need to go further and for efforts that affect behaviour and culture.

Hands-on part 

The hands-on aspect will involve participants in playing – and evaluating – an awareness-raising game, Cyber Defence Dice (see www.cyberdefencedice.com for details). This will take the form of both group-based and individual play, and will give the participants an opportunity to assess the extent to which the game provides a basis for engaging people with basic cybersecurity threat and defence concepts.

Sample course material

Full materials will be developed closer to the time, but details of the Cyber Defence Dice game can be found at www.cyberdefencedice.com.

Bio Sketch of Course instructor

Prof. Steven Furnell is Professor of Cyber Security in the School of Computer Science at the University of Nottingham. His research interests include security management and culture, usability of security and privacy, and technologies for user authentication. He has authored over 430 papers in refereed international journals and conference proceedings, as well as various books, book chapters, and industry reports. Steve is the UK representative to Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a board member of the Chartered Institute of Information Security, and a member of the Steering Group for the Cyber Security Body of Knowledge (CyBOK). He also leads the team that has designed and developed the Cyber Defence Dice game, which will be used in this course.