Artigo em revista científica Q1
Thriving in the era of hybrid work: Raising cybersecurity awareness using serious games in industry trainings
Tiange Zhao (Zhao, T.); Tiago Espinha Gasiba (Gasiba, T.); Maria Pinto-Albuquerque (Pinto-Albuquerque, M.); Ulrike Lechner (Lechner, U.);
Título Revista
Journal of Systems and Software
Ano (publicação definitiva)
2024
Língua
Inglês
País
Estados Unidos da América
Mais Informação
Web of Science®

N.º de citações: 5

(Última verificação: 2024-12-20 17:39)

Ver o registo na Web of Science®

Scopus

N.º de citações: 3

(Última verificação: 2024-12-15 13:39)

Ver o registo na Scopus

Google Scholar

N.º de citações: 7

(Última verificação: 2024-12-21 15:12)

Ver o registo no Google Scholar

Abstract/Resumo
The important missions of modern software engineering education are to prepare software engineers to work in a hybrid mode and to address the need to enable them to write secure code and deliver secure products and services to the customer. Providing training akin to an authentic experience poses several challenges, such as hybrid infrastructures, lack of engagement, and interactions. Cybersecurity and cybersecurity awareness have also gained importance due to the shift towards work-from-home (WFH) or work-from-anywhere (WFA): The work environment is forced to be distributed across large heterogeneous networks with different security levels. We perceive hybrid work as a work mode where the team members follow WFH or WFA and work from the office. Therefore various security levels at the workplace and restrictions on informal team communications need to be taken into account. We report on experiences from an industrial company producing software and cyber-physical systems. Initially set to update the existing secure code guidelines, the study lead to the discovery that it is crucial to go beyond an up-to-date set of security guidelines: it is mandatory to raise the cybersecurity awareness of those who are to follow the guidelines. We present a novel approach, via serious games, to train software engineers working in the industry, which is delivered in a hybrid mode and equips practitioners to face the challenges of hybrid work. Serious games have more than just entertainment purposes. They have proven effective ways to maintain engagement and boost training, particularly in cybersecurity. We developed and used two innovative serious games to raise cybersecurity awareness: 1) CyberSecurity Challenges (CSC), about how to develop secure software; and 2) Cloud of Assets and Threats (CATS), about cloud security, including its shared responsibility model. It is decisive for the industry that the software is written, developed, and deployed securely. The cloud service has replaced many on-premises deployments. It is essential to enable hybrid work, turning knowledge and practice about cloud security into essential capacities for professional hybrid work. We provide the theoretical foundations for the two serious games and the overall approach. We also report and analyze more than 300 industry practitioners’ training experiences from 2017 to 2023 and use this to evaluate the games. By applying serious games in the industry, among practitioners, we gain valuable experience in combining the advantage of different training modes and mitigating the disadvantage of online training. We observe the impact of serious games through a scientifically-sound approach based on the data and feedback we collected systematically from the trainers’, trainees’, and organization’s perspectives. We show through empirical evidence that serious games are a successful approach for training conducted in hybrid work mode while providing authentic and immersed experiences that empower and raise cybersecurity awareness of current and future software professionals.
Agradecimentos/Acknowledgements
This research task was partially supported by Fundacão para a Ciência e a Tecnologia, I.P. (FCT) [ISTAR Projects: UIDB/04466/2020 and UIDP/04466/2020]. Ulrike Lechner acknowledges funding by dtec.bw for project LIONS and dtec.bw is funded by the European
Palavras-chave
Serious game,Secure coding,Cloud security,Industry,Hybrid work,Awareness of cybersecurity
  • Ciências da Computação e da Informação - Ciências Naturais
Prémios
Serious game; Secure coding; Cloud security; Industry; Hybrid work; Awareness of cybersecurity
Registos de financiamentos
Referência de financiamento Entidade Financiadora
UIDB/04466/2020 Fundação para a Ciência e a Tecnologia
UIDP/04466/2020 Fundação para a Ciência e a Tecnologia
Projetos Relacionados