Vis enkel innførsel

dc.contributor.advisorBartnes, Maria
dc.contributor.advisorRocha Flores, Waldo
dc.contributor.advisorGjære, Erlend Andreas
dc.contributor.authorGjertsen, Eyvind Garder B
dc.date.accessioned2016-08-31T14:00:28Z
dc.date.available2016-08-31T14:00:28Z
dc.date.created2016-06-13
dc.date.issued2016
dc.identifierntnudaim:14763
dc.identifier.urihttp://hdl.handle.net/11250/2403232
dc.description.abstractThe security reports are unambiguous: the human factor constitutes a real vulnerability in the information security domain. It is crucial that employees of companies and governments understand the risks and threats connected with use of \gls{it} systems, and act on the knowledge to prevent security breaches and leakage of sensitive information to cyber criminals or nation state espionage. It is assumed that security awareness and training programs are one of the primary ways of raising someone's conciousness and building competence in the field of information security. However, current programs are sometimes viewed as tedious and uninteresting by the employees that take them. Consequently, the programs fail to create the behaviour and competence needed for employees to anticipate and prevent security breaches. % Gamification & What is the study about Gamification is a design technique where elements from games are deployed in non-game contexts to increase user engagement and motivation. This thesis has taken a qualitative research approach to assess if and how gamification can be used in security awareness and training programs in order to defeat the tediousness and thus improve learning outcomes. The idea that has been studied is a long-term, continuous program that makes use of a gamified software application to mediate awareness and training material to employees. Qualitative data has been collected through interviews with security professionals and workshops with end users from two different Norwegian companies, in order to gain an understanding of the possibilities and limitations of the proposed concept. A prototype of a gamified application was developed to aid the research. The results indicate that gamification can have positive effects in combination with security awareness and training. Firstly, it was found that companies and employees often can have multiple common ambitions connected with the training; common goals that should be used as focus points in future programs. Secondly, it was discovered that employees would principally value factors such as progression and mastery as motivational stimulus in the training. Thirdly, results from the workshops suggests that gamification can increase motivation towards completing training, and potentially improve learning outcomes as a result of this. Conclusively, it was indicated that a long-term gamified training program, with use of short and concise exercises, could lead employees to think more about security during the daily work, which in turn suggests a potential for behaviour change.
dc.languageeng
dc.publisherNTNU
dc.subjectKommunikasjonsteknologi, Informasjonssikkerhet
dc.titleUse of Gamification in Security Awareness and Training Programs
dc.typeMaster thesis
dc.source.pagenumber98


Tilhørende fil(er)

Thumbnail
Thumbnail
Thumbnail

Denne innførselen finnes i følgende samling(er)

Vis enkel innførsel