Scientific journal paper Q2
Raising awareness about cloud security in industry through a board game
Tiange Zhao (Zhao, T.); Tiago Espinha Gasiba (Gasiba, T.); Ulrike Lechner (Lechner, U.); Maria Pinto-Albuquerque (Pinto-Albuquerque, M.);
Journal Title
Information
Year (definitive publication)
2021
Language
English
Country
Switzerland
More Information
Web of Science®

Times Cited: 4

(Last checked: 2024-11-23 20:35)

View record in Web of Science®


: 1.7
Scopus

Times Cited: 9

(Last checked: 2024-11-20 20:17)

View record in Scopus


: 0.8
Google Scholar

Times Cited: 11

(Last checked: 2024-11-22 02:40)

View record in Google Scholar

Abstract
Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to industry practitioners working in the front line. It is of paramount importance to raise awareness about cloud security of these industrial practitioners. Under the guidance of design science paradigm, we introduce a serious game to help participants understand the inherent risks, understand the different roles, and encourage proactive defensive thinking in defending cloud assets. In our game, we designed and implemented an automated evaluator as a novel element. We invite the players to build defense plans and attack plans for which the evaluator calculates success likelihoods. The primary target group is industry practitioners, whereas people with limited background knowledge about cloud security can also participate in and benefit from the game. We design the game and organize several trial runs in an industrial setting. Observations of the trial runs and collected feedback indicate that the game ideas and logic are useful and provide help in raising awareness of cloud security in industry. Our preliminary results share insight into the design of the serious game and are discussed in this paper.
Acknowledgements
Maria Pinto-Albuqueque thanks the Instituto Universitário de Lisboa and ISTAR, for their support. Ulrike Lechner acknowledges partial funding of this work in project LIONS by dtec.bw.
Keywords
Cloud security,Cloud control matrix,Shared-responsibility model,Industry,Awareness,training,Serious game
  • Computer and Information Sciences - Natural Sciences
Funding Records
Funding Reference Funding Entity
UIDB/04466/2020 Fundação para a Ciência e a Tecnologia
UIDP/04466/2020 Fundação para a Ciência e a Tecnologia
Related Projects

This publication is an output of the following project(s):