For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
2,256
views
16
references
 Top references
cited by
0
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    4
    shares
      561
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      HATCH: Hack And Trick Capricious Humans – A Serious Game on Social Engineering

      proceedings-article
      Author(s): 1 , 2 , 1
      Publication date (Print):
      Conference name: Proceedings of the 30th International BCS Human Computer Interaction Conference (HCI)
      Conference theme: Fusion
      Conference date: 11 - 15 July 2016
      Keywords: Security, Methods, Education, Social Engineering, Serious Gaming
      Bookmark

            Abstract

            Social engineering is the illicit acquisition of information about computer systems by primarily non-technical means. Although the technical security of most critical systems is usually being regarded in penetration tests, such systems remain highly vulnerable to attacks fromsocial engineers that exploit human behavioural patterns to obtain information (e.g., phishing). To achieve resilience against these attacks, we need to train people to teach them how these attacks work and how to detect them. We propose a serious game that helps players to understand how social engineering attackers work. The game can be played based on the real scenario in the company/department or based on a generic office scenario with personas that can be attacked. Our game trains people in realising social engineering attacks in an entertaining way, which shall cause a lasting learning effect.

            Content

            Author and article information

            Contributors
            Kristian Beckers
            Sebastian Pape
            Veronika Fries
            Conference
            Publication date: July 2016
            Publication date (Print): July 2016
            Pages: 1-3
            Affiliations
            [0001]Technische Universität München (TUM)

            Institute of Informatics

            Boltzmannstr. 3

            85748 Garching, Germany
            [0002]Goethe-University Frankfurt

            Faculty of Economics

            Theodor-W.-Adorno-Platz 4

            60323 Frankfurt, Germany
            Article
            DOI: 10.14236/ewic/HCI2016.94
            SO-VID: ef4958b1-ff29-42e5-b58f-f66b8ef30a87
            Copyright © © Beckers et al. Published by BCS Learning and Development Ltd. Proceedings of British HCI 2016 Conference Fusion, Bournemouth, UK
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: Proceedings of the 30th International BCS Human Computer Interaction Conference
            Conference acronym: HCI
            Conference number: 30
            Conference location: Bournemouth University, Poole, UK
            Conference date: 11 - 15 July 2016
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: Fusion
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/HCI2016.94
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Keywords: Security,Social Engineering,Methods,Serious Gaming,Education

            REFERENCES

            1. 2016a A serious game for eliciting social engineering security requirements. Proceedings of the 24th IEEE International Conference on Requirements Engineering RE 16 To Appear IEEE Computer Society

            2. 2016b Theoretical foundation for: A serious game for social engineering. Technical report, Technical University Munich (TUM) and Goethe-University Frankfurt http://pape.science/social-engineering/

            3. 2000 Beyond Boredom and Anxiety: Experiencing Flow in Work and Play 25th Anniversary Jossey-Bass

            4. 2013 Control-alt-hack: The design and evaluation of a card game for computer security awareness and education Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13 New York, NY, USA 915 928 ACM

            5. 2003 The threat of social engineering and your defense against it. SANS Reading Room

            6. 2010 Social engineering: The art of human hacking Indianapolis John Wiley & Sons

            7. 2016 The social engineering infographic Technical report, Social Engineer, Inc. http://www.social-engineer.org/social-engineering/social-engineering-infographic/

            8. 2006 A prototype for assessing information security awareness. Comput. Secur 25 4 289 296

            9. 2009 The Art of Deception Wiley

            10. 2006 Social engineering: Concepts and solutions. Information Systems Security 15 5 13 21

            11. Proofpoint 2016 The human factor report 2016. https://www.proofpoint.com/us/human-factor-report-2016

            12. 2016 Flow kurz skala. Technical report http://www.psych.uni-potsdam.de/people/rheinberg/messverfahren/FKS-englisch.pdf

            13. 2012 Elevation of privilege: Drawing developers into threat modeling Technical report, Microsoft, Redmond, U.S. http://download.microsoft.com/download/F/A/E/FAE1434F-6D22-4581-9804-8B60C04354E4/EoP_Whitepaper.pdf

            14. 2014 Threat Modeling: Designing for Security 1st John Wiley & Sons Inc

            15. 2011 March Understanding scam victims: Seven principles for systems security. Commun ACM 54 3 70 75

            16. 2009 Protection poker: Structuring software security risk assessment and knowledge transfer. Proceedings of International Symposium on Engineering Secure Software and Systems 122 134 Springer

            17. 2010 May Protection poker: The new software security “game”. Security Privacy IEEE 8 3 14 20

            Comments

            Comment on this article