Security Awareness Training through Experiencing the Adversarial Mindset

Jens Christian Dalgaard, Niek A. Janssen, Oksana Kulyuk, Carsten Schurmann (IT University of Copenhagen)

Cybersecurity concerns are increasingly growing across different sectors globally, yet security education remains a challenge. As such, many of the current proposals suffer from drawbacks, such as failing to engage users or to provide them with actionable guidelines on how to protect their security assets in practice. In this work, we propose an approach for designing security trainings from an adversarial perspective, where the audience learns about the specific methodology of the specific methods, which attackers can use to break into IT systems. We design a platform based on our proposed approach and evaluate it in an empirical study (N = 34), showing promising results in terms of motivating users to follow security policies.

Paper

Slides

Video

View More Papers

VPN Awareness and Misconceptions: A Comparative Study in Canadian...

Lachlan Moore, Tatsuya Mori (Waseda University, NICT)

OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables

Yanzuo Chen (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Shuai Wang (The Hong Kong University of Science and Technology)

Modeling End-User Affective Discomfort With Mobile App Permissions Across...

Yuxi Wu (Georgia Institute of Technology and Northeastern University), Jacob Logas (Georgia Institute of Technology), Devansh Ponda (Georgia Institute of Technology), Julia Haines (Google), Jiaming Li (Google), Jeffrey Nichols (Apple), W. Keith Edwards (Georgia Institute of Technology), Sauvik Das (Carnegie Mellon University)

The Walls Have Ears: Gauging Security Awareness in a...

Gokul Jayakrishnan, Vijayanand Banahatti, Sachin Lodha (TCS Research Tata Consultancy Services Ltd.)