Raising Awareness about Cloud Security in Industry through a Board Game

Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to ind...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Tiange Zhao, Tiago Gasiba, Ulrike Lechner, Maria Pinto-Albuquerque
Formato: article
Lenguaje:EN
Publicado: MDPI AG 2021
Materias:
Acceso en línea:https://doaj.org/article/0c0f46dd199a4adf840de831823fb7d3
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:0c0f46dd199a4adf840de831823fb7d3
record_format dspace
spelling oai:doaj.org-article:0c0f46dd199a4adf840de831823fb7d32021-11-25T17:58:43ZRaising Awareness about Cloud Security in Industry through a Board Game10.3390/info121104822078-2489https://doaj.org/article/0c0f46dd199a4adf840de831823fb7d32021-11-01T00:00:00Zhttps://www.mdpi.com/2078-2489/12/11/482https://doaj.org/toc/2078-2489Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to industry practitioners working in the front line. It is of paramount importance to raise awareness about cloud security of these industrial practitioners. Under the guidance of design science paradigm, we introduce a serious game to help participants understand the inherent risks, understand the different roles, and encourage proactive defensive thinking in defending cloud assets. In our game, we designed and implemented an automated evaluator as a novel element. We invite the players to build defense plans and attack plans for which the evaluator calculates success likelihoods. The primary target group is industry practitioners, whereas people with limited background knowledge about cloud security can also participate in and benefit from the game. We design the game and organize several trial runs in an industrial setting. Observations of the trial runs and collected feedback indicate that the game ideas and logic are useful and provide help in raising awareness of cloud security in industry. Our preliminary results share insight into the design of the serious game and are discussed in this paper.Tiange ZhaoTiago GasibaUlrike LechnerMaria Pinto-AlbuquerqueMDPI AGarticlecloud securitycloud control matrixshared-responsibility modelindustryawarenesstrainingInformation technologyT58.5-58.64ENInformation, Vol 12, Iss 482, p 482 (2021)
institution DOAJ
collection DOAJ
language EN
topic cloud security
cloud control matrix
shared-responsibility model
industry
awareness
training
Information technology
T58.5-58.64
spellingShingle cloud security
cloud control matrix
shared-responsibility model
industry
awareness
training
Information technology
T58.5-58.64
Tiange Zhao
Tiago Gasiba
Ulrike Lechner
Maria Pinto-Albuquerque
Raising Awareness about Cloud Security in Industry through a Board Game
description Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to industry practitioners working in the front line. It is of paramount importance to raise awareness about cloud security of these industrial practitioners. Under the guidance of design science paradigm, we introduce a serious game to help participants understand the inherent risks, understand the different roles, and encourage proactive defensive thinking in defending cloud assets. In our game, we designed and implemented an automated evaluator as a novel element. We invite the players to build defense plans and attack plans for which the evaluator calculates success likelihoods. The primary target group is industry practitioners, whereas people with limited background knowledge about cloud security can also participate in and benefit from the game. We design the game and organize several trial runs in an industrial setting. Observations of the trial runs and collected feedback indicate that the game ideas and logic are useful and provide help in raising awareness of cloud security in industry. Our preliminary results share insight into the design of the serious game and are discussed in this paper.
format article
author Tiange Zhao
Tiago Gasiba
Ulrike Lechner
Maria Pinto-Albuquerque
author_facet Tiange Zhao
Tiago Gasiba
Ulrike Lechner
Maria Pinto-Albuquerque
author_sort Tiange Zhao
title Raising Awareness about Cloud Security in Industry through a Board Game
title_short Raising Awareness about Cloud Security in Industry through a Board Game
title_full Raising Awareness about Cloud Security in Industry through a Board Game
title_fullStr Raising Awareness about Cloud Security in Industry through a Board Game
title_full_unstemmed Raising Awareness about Cloud Security in Industry through a Board Game
title_sort raising awareness about cloud security in industry through a board game
publisher MDPI AG
publishDate 2021
url https://doaj.org/article/0c0f46dd199a4adf840de831823fb7d3
work_keys_str_mv AT tiangezhao raisingawarenessaboutcloudsecurityinindustrythroughaboardgame
AT tiagogasiba raisingawarenessaboutcloudsecurityinindustrythroughaboardgame
AT ulrikelechner raisingawarenessaboutcloudsecurityinindustrythroughaboardgame
AT mariapintoalbuquerque raisingawarenessaboutcloudsecurityinindustrythroughaboardgame
_version_ 1718411723190304768