The role of human factors in cybersecurity is an under-explored area that has a lot of potential towards mitigating attacks. As a result, an SLR that explored human factors in cybersecurity, focusing on phishing, revealed five key human factors that were persistent with phishing related attacks or issues. Based on the results of the SLR, further explorations into threat modelling were conducted to determine how to classify human factor related behaviour and the decisions that are likely behind them or lead towards human error. From here, this information was used to develop a human factor-centred threat model called STRIDE-HF that was implemented into a game called Another Week at the Office (AWATO). The results of further testing of AWATO revealed that is an effective tool for improving users awareness of good cybersecurity practices.

AWATO: A serious game to improve cybersecurity awareness / Ferro, L. S.; Marrella, A.; Catarci, T.; Sapio, F.; Parenti, A.; DE SANTIS, Matteo. - 13334:(2022), pp. 508-529. (Intervento presentato al convegno 4th International Conference on HCI in Games, HCI in Games 2022 Held as Part of the 24th HCI International Conference, HCII 2022 tenutosi a Virtual) [10.1007/978-3-031-05637-6_33].

AWATO: A serious game to improve cybersecurity awareness

Ferro L. S.;Marrella A.;Catarci T.;Sapio F.;Parenti A.;De Santis Matteo
2022

Abstract

The role of human factors in cybersecurity is an under-explored area that has a lot of potential towards mitigating attacks. As a result, an SLR that explored human factors in cybersecurity, focusing on phishing, revealed five key human factors that were persistent with phishing related attacks or issues. Based on the results of the SLR, further explorations into threat modelling were conducted to determine how to classify human factor related behaviour and the decisions that are likely behind them or lead towards human error. From here, this information was used to develop a human factor-centred threat model called STRIDE-HF that was implemented into a game called Another Week at the Office (AWATO). The results of further testing of AWATO revealed that is an effective tool for improving users awareness of good cybersecurity practices.
2022
4th International Conference on HCI in Games, HCI in Games 2022 Held as Part of the 24th HCI International Conference, HCII 2022
Cybersecurity; serious game; threat modelling
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
AWATO: A serious game to improve cybersecurity awareness / Ferro, L. S.; Marrella, A.; Catarci, T.; Sapio, F.; Parenti, A.; DE SANTIS, Matteo. - 13334:(2022), pp. 508-529. (Intervento presentato al convegno 4th International Conference on HCI in Games, HCI in Games 2022 Held as Part of the 24th HCI International Conference, HCII 2022 tenutosi a Virtual) [10.1007/978-3-031-05637-6_33].
File allegati a questo prodotto
File Dimensione Formato  
Ferro_Awato-Serious-Game_2022.pdf

solo gestori archivio

Note: Articolo principale
Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 4.29 MB
Formato Adobe PDF
4.29 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1665058
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 3
social impact