Browse > Article
http://dx.doi.org/10.13089/JKIISC.2018.28.4.951

A Study on Improvement of Information Security awareness through Game: Focusing on Changes in Awareness of Information Security Policies  

Choi, Jong-hyun (Graduate School of Information Security, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.28, no.4, 2018 , pp. 951-962 More about this Journal
Abstract
In order to strengthen the information security of the organization, it is important to invest in the information security facility, but the information security awareness of the organization members is also very important. Effective education is needed to raise awareness of this information security. However, the method of collective education utilized by most organizations is not very effective. Educational methods using serious games can be a good alternative. Educational methods using serious games have already proved effective through various cases and researches and are used in many fields. In this paper, we design and implement a game program to improve the awareness of individual information security policy importance. The training was conducted for the members of the organization and the change of awareness about the importance of individual information security policy was examined through analysis of evaluation data before and after the training.
Keywords
Serious Game; Information security Awareness; Security Learning; Teaching Tool; Security policy;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Ministry of Science and ICT, "Results of the survey on the status of information security in 2017", http://www.msit.go.kr/web/msipContents/contentsView.do?cateId=mssw311&artId=1372723, 2018.05.20
2 Amitava Dutta and Kevin Mccrohan "Management's role in information security in a cyber economy," California Management Review, vol. 45, no. 1, pp. 67-87, Oct. 2002.   DOI
3 Boannews, "Is not it a good time to s pend your company's security training time?", http://www.boannews.com/media/view.asp?idx=50323, 2018.05.22
4 Karina Korpela, "Improving cyber security awareness and training programs with data analytics," Information Security Journal: A Global Perspective, vol. 24, no. 1-3, pp. 72-77, Jun. 2015.   DOI
5 Clark C. Abt, Serious Games, Viking Press, NewYork, pp. 5-6, 1970.
6 Jesse Schell, The art of game design, ELSEVIER, Oxford, pp. 96, 2008.
7 S.J. Brown, D.A. Lieberman, B.A. Gemeny, Y.C. Fan, D.M. Wilson and D.J. Pasta "Educational video games for juvenile diabetes: result of a controlled trial," Medical informatics, vol. 22, no. 1, pp. 77-89, Jan. 1997.   DOI
8 B.D. Coller and D.J. Shernoff, "Video game-based education in mechanical engineering: a look at student engagement," International Journal of Engineering Education, vol. 25, no. 2, pp. 308-317, Jan. 2009.
9 Jeffrey M. Stanton, Kathryn R. Stam, Paul Mastrangelo and Jefferey Jolton, "An analysis of end user security behaviors," Computers and Security, vol. 24, no. 2, pp. 124-133. Mar. 2005.   DOI
10 Bilal Khan, Khaled S. Alghathbar, Syed Irfan Nabi and Muhammad Khurram Khan, "Effectiveness of information security awareness method based on psychological theories," African Journal of Business Management, vol. 5, no. 26, pp. 10862-10868, Oct. 2011.
11 Carrie Mccoy and Rebecca T.F., "You are the key to security: establishing a successful security awareness program," SIGUCCS '04 Proceedings of the 32nd annual ACM SIGUCCS conference on User service, pp. 346-349, Oct. 2004.
12 Mete Eminagaoglu, Erdem Ucar and Saban Eren, "The positive outcomes of information security awareness training in company - a case study," Information Security Technical Report, vol. 14, no. 4, pp. 223-229, Nov. 2010.   DOI
13 Basie Von Solms, "Information security - a multidimensional discipline," computers & security, vol. 20, no. 6, pp. 504-508, Sep. 2001.   DOI
14 Kil-sang Yoo, In-woo Kim, Je-hyuk Youn, Dong-jae Lee and Won-hyung Lee "A design of functional game contents and analysis of power spectrum," Journal of The Korean Society for Computer Game, 4(6), pp. 25-31, Jun. 2005.
15 P.S. Dowland, S.M. Furnell, H.M. Illingworth and P.L. Leynolds, "Computer crime and abuse: a survey of public attitudes and awareness," Computers and Security, vol. 18, no. 8, pp. 715-726, 1999.   DOI
16 Chang-gyu Oh and Jong-gi Kim, "Development of a framework for effective information protection education and training," Korea Institute Of Information Security And Cryptology, 13(2), pp. 59-69, April. 2003.
17 Karl M. Kapp, The gamification of learning and instruction: game-based methods and education, Wiley, Newjersey, pp. 49, 2012.
18 D.S. Vogel, J. Cannon Bouwes, C.A. Bowers, K. Muse and M. Wright, "Computer gaming and interative simulations for learning: a meta-analysis," Journal of Educational Computing Research, vol. 34, no. 4, pp. 229-243, April. 2006.   DOI
19 Konstantin Mitgutsch and Narda Alvarado, "Purposeful by design?:a serious game design assessment framework," FDG '12 Proceedings of the International Conference on the Foundations of Digital Games, pp. 121-128, Jun. 2012.
20 Randel J.M., Morris B.A., Wetzel C.D. and Whitehill B.V., "The effectiveness of games for educational purposes: a review of recent research," Simulation & Gaming, vol. 23, no. 3, pp. 261-276, Sep. 1992.   DOI
21 Sitzmann. T, "A meta-analytic examination of the instructional effectiveness of computerbased simulation games," Personnel Psychology, vol. 64, no. 2, pp. 489-528, May. 2011.   DOI
22 Min-jung Baek and Seyung-hee Son, "A study on the effect of Information security awareness and behavior on the information security performance in small and medium sized organization," Asia Pacific Journal of Small Business, 33(2), pp. 113-132, Jun. 2011.
23 Dong-hyeok Lee and Nam-je Park, "Teaching book and tools of elementary network security learning using gamification mechanism," Journal of the Korea Institute of Information Security & Cryptology, 26(3), pp 787-797, Jun. 2016.   DOI
24 Gamified UK, "Gamification Examples and Case Studies", https://www.gamified.uk/2013/07/29/gamification-in-the-wild-examples-and-case-studies/, 2018.04.05.
25 Chae-ho Lim, "Effective information protection awareness improvement plan," Journal of Information Security, 16(2), pp 30-36, April. 2006.
26 Anne Adams and Martina Angela Sasse, "Users are not the enemy," COMMUNICATIONS OF THE ACM, vol. 42, no. 12, pp. 40-46, Dec. 1999.