A novel SETA-based gamification framework to raise cyber security awareness

This paper aims to improve the employees’ cyber security awareness by developing an interactive video game, a cyber shield game, that includes various embedded threat scenarios. The proposed game consists of four levels. The password complexity level educates players about password threats. The social engineering level aware employees about email attachments and trespass threats. The phishing attack level educates employees about phishing emails and ransomware threats. Finally, the physical security level aware employees about threats to storage and work documents’ disposal. Further, two surveys, pre-game and post-game, are conducted to estimate the players’ knowledge and experience in cyber security threats. The proposed security awareness program is applied to ten employees randomly chosen from different organizations. Experimental results indicate that the cyber shield training and awareness program is more interactive than traditional awareness methods. Results also suggest that the proposed awareness program improves the employees’ cyber security awareness level by 51.4%.