The International Conference on Information Systems Security and Privacy (ICISSP) 2023 took place on February 22-24, 2023 in Lissabon, Portugal. I presented a paper on “A Scenario-Driven Cyber Security Awareness Exercise Utilizing Dynamic Polling: Methodology and Lessons Learned”.
A Scenario-Driven Cyber Security Awareness Exercise Utilizing Dynamic Polling: Methodology and Lessons Learned
Abstract: As cyber security capabilities are becoming more relevant for society, the need for cyber security skills and teaching methods have increased. For example, cyber security exercises have emerged to train and test skills and abilities of people in emergency situations (e.g., under cyber attacks). While cyber security knowledge has become essential for everyone, we propose a cyber security awareness exercise that targets people with or without cyber security knowledge. Our novel approach uses dynamic surveys to visualize decisions during the exercise. In this paper, we describe the idea behind the exercise and specify the design, implementation and evaluation of this method. We validate our methodology with a cloud-based implementation that enables a low-barrier entry and a responsive design for the participants. We apply our methodology to four case studies. Our findings show that this methodology is an easy tool for organizers and helps participants to learn about cyber security. For future work, we aim to develop the methodology further and increase the scenarios to conduct more experiments with a diverse audience.