Abstract
Cybersecurity concerns are increasingly growing
across different sectors globally, yet security education remains
a challenge. As such, many of the current proposals suffer from
drawbacks, such as failing to engage users or to provide them
with actionable guidelines on how to protect their security assets
in practice. In this work, we propose an approach for designing
security trainings from an adversarial perspective, where the
audience learns about the specific methodology of the specific
methods, which attackers can use to break into IT systems. We
design a platform based on our proposed approach and evaluate
it in an empirical study (N = 34), showing promising results in
terms of motivating users to follow security policies.
across different sectors globally, yet security education remains
a challenge. As such, many of the current proposals suffer from
drawbacks, such as failing to engage users or to provide them
with actionable guidelines on how to protect their security assets
in practice. In this work, we propose an approach for designing
security trainings from an adversarial perspective, where the
audience learns about the specific methodology of the specific
methods, which attackers can use to break into IT systems. We
design a platform based on our proposed approach and evaluate
it in an empirical study (N = 34), showing promising results in
terms of motivating users to follow security policies.
Originalsprog | Engelsk |
---|---|
Titel | Usable Security and Privacy (USEC) Symposium 2023 |
Publikationsdato | 2023 |
ISBN (Elektronisk) | 1-891562-91-6 |
DOI | |
Status | Udgivet - 2023 |
Emneord
- Cybersecurity
- Security Education
- Adversarial Training
- User Engagement
- Security Policies Evaluation