Gamification For IT Security Training And Awareness Programs - Free Download PDF

1m ago
7.98 MB
46 Pages

Gamification for IT SecurityTraining and AwarenessPrograms 31st Annual Conference, March 14, 20181

Greg Walters, Associate GeneralCounsel2

3 Goals Understand Gamification Completely See how it is used -- Everywhere Add it to the agenda for your next officemeeting3

Why Learn? Be aware that it is all around you. Use it and be more effective. Realize what is truly ineffective (wasting time). Consider the alternatives.4

I. Clichés and Definitions Life is a Game Game the System Running my Game But Cybersecurity is not a Game!5

Finding the Fun “In every job that must be done, there is anelement of fun.” “You find the fun and snap! The job’s agame.”6

FUN “Gamification is taking what’s fun aboutgames and applying it to situations thatmaybe aren’t so fun.” Quote from GabeZichermann, The Gamification Revolution7

Gamification “At its core, gamification is about engagingpeople on an emotional level and motivatingthem to achieve their goals.” From Brian Burke: Gamify: How GamificationMotivates People to Do Extraordinary Things.8

Gamification? Awkward word by design (!)It is in version 2.0 or 3.0 already.Could use phrase “Game-Type” thinking.Or say “Type of Behavioral Economics.”Whatever you call it, it is all around us.UBIQUITOUS9

Points, Badges, Leaderboards Focus is on audience (employees, clients, coworkers, etc ) Emotions What engages an audience – makes them feelaccomplished?10

Mature Gamification “Effective gamification is a combination ofgame design, game dynamics, behavioraleconomics, motivational psychology, UX/UI(User Experience and User Interface),neurobiology, technology platforms, as well asROI-driving business implementations.” Yu-kaiChou11

II. History12



Theodore Roosevelt15

The New Normal16

III. Examples17

Game the EVS18

Rise and Repeat (1) Cellphones, Computers and the InternetCreate . (2) Big Data. And then we have (3) Gamification of Big Data (repeat)19

Information Monitored20



Did not call it a gameDid not add princesses, pigs or angry creaturesDid have instant feedbackDid use a threshold and target23

Supermarket Check Out24

Gamification Fail Hotel used leader boardto measure speed andeffectiveness ofhousekeeping staff Pregnant employee hadtrouble keeping up, anddemoralized workerscalled it “the electronicwhip.” NOT FUN for Anyone!25

More Fail Owner (of a chainof stores in Iowa)asked employees topick which cashierwas next to befired. Correctguess wins 10. NOT FUN!26

White Chocolate Mousse Cake27

IV. Theories28


Video Games30

What is so Appealing . Alternative Reality (where there are rules)Where it is fair.We can win.We can be recognized.We can try again.We can get better.31

Memories You are itTagBridgePoker night32

More Reasons Social Status Theory -- Earn Acceptance Cultural model – how we interact We naturally break big tasks into small ones.Accomplish each one & enjoy victories.33

Millennials Continuous exposure to positive reinforcement Games –phone & video – PewDiePie YouTube Their world offers them more ways to earntrophies Other world view “strong work ethic” – TeddyRoosevelt – belongs to receding generations We are all Millennials now (YOUTH/TECHCulture)34

V. What is Available Now ( )35

PwC Gamification36

High Tech v. Low Tech37

Information Security Game38

Confidential Information Game39

Low/No Cost (crossword puzzles,wordsearch, mazemaker etc ) – Raffle Tickets, “Trophies”Medals, (plus Candy) etc for Contests 40

Key Points Player’s motivations and goals are first priorities Organization’s motivations and goals are second Where the two overlap is the “goal,” outcome and thevalue of the activity for the organization Break goal into steps with encouragement along theway41

Cybersecurity Program Goals Training – Required by Law or PolicyIncrease Awareness of ProgramCreation of IT Security Culture in AgencyIncrease MoraleSupport Employee Engagement andInvestment in Company and its Staff42

Takeaways Don’t only focus on points, badges and leaderboards & cash. Do add other elements like stories and goals. Do make it a social activity and more positivereinforcement.43

Where is the Fun? Fun Posters44

Alternatives To Gamification Criticisms of the Idea? Programs Without Any Game Elements –Good Idea? Could a program be effective without anyelement of fun?45

VI. SUMMARY Gamification has always existed, it works andis here to stay, especially with the largestgeneration: Millennials. Focus on the employee’s emotionalengagement (i.e. where is the FUN?) Add Gamification to your agenda -- The ITSecurity community needs a community ofserious game players 46

• Social StatusTheory -- Earn Acceptance ... (YOUTH/TECH Culture) 34 . V. What is Available Now ($) 35. PwC Gamification 36 . High Tech v. Low Tech 37 . Information Security Game 38 . Confidential Information Game 39 . Low/No Cost • • (crossword puzzles, ...