Raising Awareness about Cloud Security in Industry through a Board Game
Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to ind...
Guardado en:
Autores principales: | , , , |
---|---|
Formato: | article |
Lenguaje: | EN |
Publicado: |
MDPI AG
2021
|
Materias: | |
Acceso en línea: | https://doaj.org/article/0c0f46dd199a4adf840de831823fb7d3 |
Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
id |
oai:doaj.org-article:0c0f46dd199a4adf840de831823fb7d3 |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:0c0f46dd199a4adf840de831823fb7d32021-11-25T17:58:43ZRaising Awareness about Cloud Security in Industry through a Board Game10.3390/info121104822078-2489https://doaj.org/article/0c0f46dd199a4adf840de831823fb7d32021-11-01T00:00:00Zhttps://www.mdpi.com/2078-2489/12/11/482https://doaj.org/toc/2078-2489Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to industry practitioners working in the front line. It is of paramount importance to raise awareness about cloud security of these industrial practitioners. Under the guidance of design science paradigm, we introduce a serious game to help participants understand the inherent risks, understand the different roles, and encourage proactive defensive thinking in defending cloud assets. In our game, we designed and implemented an automated evaluator as a novel element. We invite the players to build defense plans and attack plans for which the evaluator calculates success likelihoods. The primary target group is industry practitioners, whereas people with limited background knowledge about cloud security can also participate in and benefit from the game. We design the game and organize several trial runs in an industrial setting. Observations of the trial runs and collected feedback indicate that the game ideas and logic are useful and provide help in raising awareness of cloud security in industry. Our preliminary results share insight into the design of the serious game and are discussed in this paper.Tiange ZhaoTiago GasibaUlrike LechnerMaria Pinto-AlbuquerqueMDPI AGarticlecloud securitycloud control matrixshared-responsibility modelindustryawarenesstrainingInformation technologyT58.5-58.64ENInformation, Vol 12, Iss 482, p 482 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
cloud security cloud control matrix shared-responsibility model industry awareness training Information technology T58.5-58.64 |
spellingShingle |
cloud security cloud control matrix shared-responsibility model industry awareness training Information technology T58.5-58.64 Tiange Zhao Tiago Gasiba Ulrike Lechner Maria Pinto-Albuquerque Raising Awareness about Cloud Security in Industry through a Board Game |
description |
Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to industry practitioners working in the front line. It is of paramount importance to raise awareness about cloud security of these industrial practitioners. Under the guidance of design science paradigm, we introduce a serious game to help participants understand the inherent risks, understand the different roles, and encourage proactive defensive thinking in defending cloud assets. In our game, we designed and implemented an automated evaluator as a novel element. We invite the players to build defense plans and attack plans for which the evaluator calculates success likelihoods. The primary target group is industry practitioners, whereas people with limited background knowledge about cloud security can also participate in and benefit from the game. We design the game and organize several trial runs in an industrial setting. Observations of the trial runs and collected feedback indicate that the game ideas and logic are useful and provide help in raising awareness of cloud security in industry. Our preliminary results share insight into the design of the serious game and are discussed in this paper. |
format |
article |
author |
Tiange Zhao Tiago Gasiba Ulrike Lechner Maria Pinto-Albuquerque |
author_facet |
Tiange Zhao Tiago Gasiba Ulrike Lechner Maria Pinto-Albuquerque |
author_sort |
Tiange Zhao |
title |
Raising Awareness about Cloud Security in Industry through a Board Game |
title_short |
Raising Awareness about Cloud Security in Industry through a Board Game |
title_full |
Raising Awareness about Cloud Security in Industry through a Board Game |
title_fullStr |
Raising Awareness about Cloud Security in Industry through a Board Game |
title_full_unstemmed |
Raising Awareness about Cloud Security in Industry through a Board Game |
title_sort |
raising awareness about cloud security in industry through a board game |
publisher |
MDPI AG |
publishDate |
2021 |
url |
https://doaj.org/article/0c0f46dd199a4adf840de831823fb7d3 |
work_keys_str_mv |
AT tiangezhao raisingawarenessaboutcloudsecurityinindustrythroughaboardgame AT tiagogasiba raisingawarenessaboutcloudsecurityinindustrythroughaboardgame AT ulrikelechner raisingawarenessaboutcloudsecurityinindustrythroughaboardgame AT mariapintoalbuquerque raisingawarenessaboutcloudsecurityinindustrythroughaboardgame |
_version_ |
1718411723190304768 |