提升您的安全性：游戏化的力量 （Ben Meyer-Crosby）.pdf

1、Level Up Your Security:The Power of GamificationBen Meyer-Crosby,2024Who am I?Ben Meyer-Crosby(he/they)10+year in cybersecurity Cybersecurity OperationsRisk ManagementTraining&AwarenessIncident ManagementCISMBased in Portland,ORAgendaWhy are we here?GamificationWhat is it?(and what it isnt)What does

2、 the data show?What should we be thinking about?Q&AWhy?ProblemsMotivationPerformanceRetentionStoryOne afternoon,Jake,a customer service rep,received an email requesting patient records but noticed the senders address had an extra letter in the companys domain name,a common phishing tactic.Rememberin

3、g his training,Jake immediately flagged the email as suspicious and reported it to IT.Why do we have security awareness training?Regulatory requirementsWe want to keep our customers data safeWe dont want our jobs to be harder because someone installed malwareHow do we deliver training?In-person trai

4、ningVirtual,instructor trainingComputer-based trainingSimulated Attacks(Phishing/Smishing/Vishing/USB Drops)Awareness posters and videosNewsletters and emailsCybersecurity-based contests and prizesChat channelWikiWhat it is(and what it isnt)What people think ofLeaderboardsPointsLevelsBadgesChallenge

5、sAdditional things to think aboutStoryIncentivesFocusLets look at the dataMotivation68%reported that,in general,the educational gamification environment used increased their perceived motivationMotivation-OverallGamification DOES increases motivationGamification DOES NOT directly increase performanc

6、eMotivation DOES increase performanceGamification-Motivation-PerformanceMotivation-ElementsRetentionRetentionRetentionRetentionPerformancePerformance-Story QuestionWhat was suspicious about the phishing email in Jakes story?a)DKIM/SPF checks failedb)Misspelled