Security Awareness Training through Experiencing the Adversarial Mindset

Jens Christian Dalgaard, Niek A. Janssen, Oksana Kulyuk, Carsten Schurmann (IT University of Copenhagen)

Cybersecurity concerns are increasingly growing across different sectors globally, yet security education remains a challenge. As such, many of the current proposals suffer from drawbacks, such as failing to engage users or to provide them with actionable guidelines on how to protect their security assets in practice. In this work, we propose an approach for designing security trainings from an adversarial perspective, where the audience learns about the specific methodology of the specific methods, which attackers can use to break into IT systems. We design a platform based on our proposed approach and evaluate it in an empirical study (N = 34), showing promising results in terms of motivating users to follow security policies.

Paper

Slides

Video

View More Papers

Work in Progress: A Comparative Long-Term Study of Fallback...

Philipp Markert, Maximilian Golla (Ruhr University Bochum); Elizabeth Stobert (National Research Council of Canada); Markus Dürmuth (Ruhr University Bochum)

A Data-driven Approach to Rating Cybersecurity Risk and Investing...

Anup K Ghosh

Does This App Respect My Privacy? Design and Evaluation...

Oksana Kulyk (Karlsruhe Institute of Technology); Paul Gerber, Karola Marky, Christopher Beckmann (Technische Universität Darmstadt); Melanie Volkamer (Karlsruhe Institute of Technology)

A Study on Security and Privacy Practices in Danish...

Asmita Dalela (IT University of Copenhagen), Saverio Giallorenzo (Department of Computer Science and Engineering - University of Bologna), Oksana Kulyk (ITU Copenhagen), Jacopo Mauro (University of Southern Denmark), Elda Paja (IT University of Copenhagen)