In recent years, the market of cloud services has been growing rapidly. Consequently, cloud security has become a heavily discussed topic in the industry. If cloud assets are misconfigured, it can lead to severe security issues and be exposured to cybersecurity attacks. It is of great importance that industry practitioners understand the security challenges and their responsibilities to protect cloud assets. We designed a serious game: Cloud of Assets and Threats (CATS) as an enrichment to the traditional training method to empower users of the cloud infrastructure in terms of cloud security awareness. In this work, we propose a new ontology-based model to support the evaluation of the simulated attack scenarios in CATS. We share the implementation details and the algorithm, based on the Common Vulnerability Scoring System (CVSS), which is used in CATS to evaluate the simulated attack scenarios. With this innovative effort, we maximize the level to which the CATS game reflects real-world facts, and provide a reasonable level of abstraction in the serious game. Our work contributes to the body of knowledge by extending the existing ontology and applying it in the evaluator algorithm, which stands at the core of our serious game CATS. We apply CATS in training in the industry and discovered that CATS is a promising approach to help the industry practitioners to understand cloud security concepts and raise awareness about cloud security. Scholars in the academic world benefit from the work by gaining experience in instantiating the design science paradigm.

Furthermore, the third author thanks the Instituto Universitário de Lisboa and ISTAR, for their support.

Technology and engineering learning,Cloud security,Awareness,Industry,Serious game,Shared-responsibility model,Ontology-based model

Esta publicação é um output do(s) seguinte(s) projeto(s):

• Alternative Shaper
• O Impacto das Tecnologias Blockchains e de registo descentralizado