MODELLING SERIOUS GAMES FOR ENHANCING END USER CYBER SECURITY AWARENESS

The objective of this paper is to present a serious games model that assist organizations to substantially enhance computer user's cyber security awareness. Extensive research into academic literature revealed that a comprehensive model for designing serious games for training users to reduce user vulnerabilities in lacking. This paper thus focusses on strategically deploying serious games to educate, train and aware organizational users to detect, prevent, eliminate/mitigate and report instances of social engineering threats deployed by advanced persistent threat (APT) vectors, that predominantly target organisational user vulnerabilities. Training computer users on APT threat vectors which deploys simple social engineering yet complex technical methods to exploit internetworked computer user and subsequent vulnerabilities is a challenging task faced by organizations worldwide as is evident from publicly reported attacks. Serious games find immense applications in the domain of education, information systems and information security due to convenience of time, instant feedback, attractiveness and the ease of simulating novel and multiple attack scenarios. While serious games and models have been proposed by researchers in cyber security domain, attributes for building a serious gaming model for APT is wanting in both academic and practitioner domains. In this respect, we propose a serious game model GAM-APT by integrating the serious gaming model components namely the ‘player', ‘game' and ‘knowledge' dimensions with Gagne's nine events.