Abstract
Another Week at the Office (AWATO) is serious game aimed to educate users about threat modeling to help them and/or security analysts identify human factor related threats. AWATO offers an interactive experience where players assume the role of a security analyst where they must observe characters within an office, monitor their emails and phone calls, and identify concerning behavior (e.g. writing passwords on post-it notes).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
“The Weakest Link”, n.d., https://www.isdecisions.com/user-security-awareness-game/.
- 3.
Osmotic Studios, 2016, https://store.steampowered.com/app/491950/.
- 4.
Exosyphen studios, 2011, https://store.steampowered.com/app/70120/Hacker_Evolution_Duality/.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
The emails were created within an excel spreadsheet and implemented into the game via Blueprint scripts in the Unreal Engine.
References
Alberts, C.J., Behrens, S.G., Pethia, R.D., Wilson, W.R.: Operationally critical threat, asset, and vulnerability evaluation (octave) framework, version 1.0. Technical report, Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst (1999)
Cranor, L.F.: A framework for reasoning about the human in the loop (2008)
Dupont, G.: The dirty dozen errors in maintenance. In: The 11th Symposium on Human Factors in Maintenance and Inspection: Human Error in Aviation Maintenance (1997)
Ferro, L.S.: Keep your attackers close, but your users closer (2019)
Floyd, D., Portnow, J.: Tangential learning: How games can teach us while we play. Extra Credits (2008)
Hendrix, M., Al-Sherbaz, A., Bloom, V.: Game based cyber security training: are serious games suitable for cyber security training? Int. J. Serious Games 3(1) (2016)
Henshel, D., Sample, C., Cains, M., Hoffman, B.: Integrating cultural factors into human factors framework and ontology for cyber attackers. In: Nicholson, D. (ed.) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol. 501, pp. 123–137. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41932-9_11
Hogarth, R.M., Lejarraga, T., Soyer, E.: The two settings of kind and wicked learning environments. Curr. Dir. Psychol. Sci. 24(5), 379–385 (2015)
Howard, M., LeBlanc, D.: Writing Secure Code. Pearson Education, London (2003)
Hussain, S., Kamal, A., Ahmad, S., Rasool, G., Iqbal, S.: Threat modelling methodologies: a survey. Sci. Int. (Lahore) 26(4), 1607–1609 (2014)
Irvine, C.E., Thompson, M.F., Allen, K.: CyberCIEGE: gaming for information assurance. IEEE Secur. Priv. 3(3), 61–64 (2005)
Mancuso, V.F., Strang, A.J., Funke, G.J., Finomore, V.S.: Human factors of cyber attacks: a framework for human-centered research. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 58, pp. 437–441. SAGE Publications, Los Angeles (2014)
Marrella, A., Ferro, L.S., Catarci, T.: An approach to identifying what has gone wrong in a user interaction. In: Lamas, D., Loizides, F., Nacke, L., Petrie, H., Winckler, M., Zaphiris, P. (eds.) INTERACT 2019. LNCS, vol. 11748, pp. 361–370. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29387-1_20
Mozelius, P., Fagerström, A., Söderquist, M.: Motivating factors and tangential learning for knowledge acquisition in educational games. Electron. J. e-Learn. 15(4), 343–354 (2017)
Nagarajan, V., Huang, D.: Secure web referral service. In: The International Conference on Information Network 2012, pp. 53–58. IEEE (2012)
Nobles, C.: Botching human factors in cybersecurity in business organizations. HOLISTICA J. Bus. Public Admin. 9(3), 71–88 (2018)
Parsons, K., McCormac, A., Butavicius, M., Ferguson, L.: Human factors and information security: individual, culture and security environment. Technical report, Defence Science and Technology Organisation Edinburgh (Australia) Command\(\ldots \) (2010)
Reason, J.: The Human Contribution: Unsafe Acts, Accidents and Heroic Recoveries. CRC Press, Boca Raton (2017)
Saitta, P., Larcom, B., Eddington, M.: Trike v1 methodology document. Draft, work in progress (2005)
Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)
Sosonkin, M.: Octave: operationally critical threat, asset and vulnerability evaluation. Polytechnic University, April 2005
UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling. Wiley Online Library, Hoboken (2015)
Vieane, A., Funke, G., Gutzwiller, R., Mancuso, V., Sawyer, B., Wickens, C.: Addressing human factors gaps in cyber defense. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 60, pp. 770–773. SAGE Publications, Los Angeles (2016)
Young, H., van Vliet, T., van de Ven, J., Jol, S., Broekman, C.: Understanding human factors in cyber security as a dynamic system. In: Nicholson, D. (ed.) AHFE 2017. AISC, vol. 593, pp. 244–254. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-60585-2_23
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ferro, L.S., Sapio, F. (2020). Another Week at the Office (AWATO) – An Interactive Serious Game for Threat Modeling Human Factors. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-50309-3_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer ScienceComputer Science (R0)