Data breaches within an organization have many causes. Social engineering attacks, ransomware applications and harmful spam email messages are data breach catalysts that are the result of human error. Human error is the leading cause of data breach and is also one of the more difficult factors for an organization to prevent. Many users are unable to see how their role is impacted by organizational security policy, and therefor see no benefit to abide the policy. When employees use company devices to perform personal tasks, or use personal devices to perform business tasks, lines of ownership can be blurred and important organizational data assets can be put at risk. This project and accompanying research paper will explore the gamification of a security training and awareness program. I set out to design and implement a prototype application that would make the process of training employees in security awareness fun and interactive. By developing role-based game modules to teach secure behavior to all organizational users, incentivizing secure behavior with real rewards that matter to participants and applying the training throughout the year, it will be possible to reinvent security awareness and prevent future data breaches. To aid in the iterative development of the application, I created usability studies to gauge user experience regarding the functionality, appearance and navigation of the application. I conducted the usability study at the Wilmington Information Technology Expo, or WITX, with fellow students and with co-workers. I found that users rated the appearance of the application with an average score of 2.68 out of 10, where 1 leaned towards positive responses and 10 leaned toward negative responses. Users rated the functionality of the application with an average score of 2.89. And finally, users rated their experience with navigation within the application with an average score of 3.04.

Recommended Citation: Cole J., Pence T., Cummings J., Baker E., (2017). Gamifying Security Awareness: A New Prototype. UNCW MS CSIS Proceedings. V. 11 , N. 1 .