Non-Technical Stream
Non-Technical Stream
Information security awareness via gamification

Abstract:

We are looking for edutainment proposals aimed at information security awareness development both for consumers and corporate users. These proposals may be in a form of a game or a contest involving two or more sides and should cover the key areas of cyber concerns for the chosen target audience.

Statement of the problem

There are areas of key concerns for consumers and corporate users, which include (but are not limited to):

Corporate users:

  • Managing the increasing complexity of corporate networks (heterogeneity of corporate infrastructure, further amplified by BYOD, mobiles and virtual devices)
  • Managing the supply chain and outsourced service providers
  • Targeted attacks aimed either at exfiltration of commercial secrets or disruption of business processes
  • DDoS attacks that lead to the unavailability of a company’s services and/or damage business reputation
  • Data leaks, both intentional or accidental
  • Low cybersecurity awareness of employees, and, especially, lack of resistance against social engineering
  • Keeping up with compliance regulations

Consumers:

  • Risks of losing money because of risky actions (for example, visiting dangerous websites, sticking USB flash drives into USB ports without checking if they are safe from malware or charging a mobile in strange places, opening e-mail attachments without scanning, etc.)
  • Risks of losing access to their digital identities – for example, social media accounts
  • Privacy of private data, most importantly – photos and videos
  • Privacy of internet browsing and communications
  • Cyber mocking and bullying, inappropriate behavior

The key problem, especially with consumers, is to explain the cyber risks in an easy and engaging manner. A possible solution to this problem could be the introduction of a game or contest, where users find themselves in various cyber situations and the outcome of their decisions are demonstrated.

Requirements for the expected results

The proposals should focus on at least one of the key areas from the list above. You may suggest your own area of focus, but you should provide justification that this area of cybersecurity is important for corporate users or consumers.

We expect the proposal to contain a description of:

  1. Game setting – for example, it can be a real-time or turn-based economy game, with or without tactical encounters, or it can be a war strategy, a card game, casual game where people play multiple time – whatever you find appropriate. It may be a single player, or multi-player (family game, or played among friends), or an MMO game.
  2. Game mechanics – how your game works.
  3. Target audience and purpose of the game – depending on the purpose of the game, for example, teaching parents about how to deal with cyber bullies or teaching companies the math of DDoS attacks, the target audience will be very different
  4. Value for the end user – why would people want to play the game?
  5. Creative game story

Formatting  Requirements:

  • Abstract: no more than a page long that gives a complete summary of your project. It should be a brief between 130-200 words maximum.
  • Volume of the whole submission: 30 pages maximum (not including images, appendices)
  • Font: Times New Roman 12, spacing — 1.5

Evaluation criteria  

We will be evaluating the proposals for the originality of the ideas behind the game story, captivation of the game setting and the depth of description of game mechanics. We plan to use the proposed ideas in promotional and edutainment projects, thus we will also be looking at how difficult it is to implement the proposed game process. In your submissions, please do not forget to highlight the connection between the gameplay and information security. Ideas, irrelevant to information security, will automatically have lower priority during the evaluation phase.

Supplementary materials