Designing a Serious Game for Cybersecurity Education

Costa, Gabriele
2023-01-01

Abstract

Serious gaming is becoming fundamental for reducing the initial effort of studying highly complex and extremely technical subjects. Cybersecurity is no exception, as it is generally perceived as one of the most difficult fields in computer science. This happens because cybersecurity is orthogonal to any specific technology. As a consequence, although many people may be interested in knowing more about cybersecurity, approaching the topic is often perceived as cumbersome, if not frustrating. In this context, serious gaming can be adopted to create an engaging and controlled environment where players with no security skills may face realistic challenges. Needless to say, designing and implementing such games is itself a challenge. In this chapter, we present our experience with designing and implementing a serious game on cybersecurity, called A NERD DOGMA. Briefly, A NERD DOGMA is a classical escape room adventure where players have to progressively advance by solving some challenges. What truly characterizes A NERD DOGMA is that all of the enigmas are actual cybersecurity challenges. Each challenge is based on a real security scenario where the player, being the attacker or the on-field agent, has to exfiltrate data, break ciphers, and intrude into remote systems. The main objective is to provide inexpert users with a first-hand experience of how certain security operations are planned and executed. To this aim, a number of issues must be addressed. For instance, one cannot avoid introducing security tools, e.g., to scan a remote machine programmatically. However, requiring players to interact with a command line terminal might discourage most of them. Another difficulty emerges from the integration of third-party technologies. Most games are self-contained, i.e., they do not allow participants to directly interact with external systems or resources, and, when it is necessary, they mimic the external environment. Nevertheless, this approach is not optimal for cybersecurity, where “thinking out of the box” is of paramount importance. Taking strategic design decisions requires a systematic assessment of these and other technical aspects that we present in this chapter.
Year: 2023
ISBN: 9783031333378
ISBN: 9783031333385
Files in this item:
File: 978-3-031-33338-5_12.pdf (not available)
Type: Publisher's version (PDF)
License: Not specified
Size: 3.53 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11771/27759