Würth, Isaac and Zanetti, Marco (2022) SecureRole (BA). Other thesis, OST Ostschweizer Fachhochschule.
FS 2022-BA-EP-Würth-Zanetti-SecureRole.pdf - Supplemental Material
Download (1MB)
Abstract
Over the last couple of years, cyber security attacks have become a dominant issue in the global landscape. Phishing campaigns are on the rise and the world is in a current "gold rush for ransomware". Companies are being targeted with an increased frequency all around the world. This calls for IT experts, which often receive their first in-depth training in security during their time at college or in secondary education. The goal of this thesis is to better prepare students with the development of an incident response role-playing game. This can be achieved by collaborative training and using simulations to mimic a situation as close as possible to the real-world scenario. Teaching with versatile and adaptable scenarios builds up skills to prepare a company against different kinds of attacks and how to mitigate them, should one of its systems be compromised. Additionally, they learn to appropriately react, how to communicate, and on which basis to make meaningful decisions, as a key to success for eradication of the attacker and recovery to normal operation.
The result of the bachelor thesis is a framework, that gives guidance for the creation of packages and scenarios in a versatile and adaptable way, packages, that can be chained to create scenarios, and predefined scenarios to directly start a cybersecurity role-playing game. The framework allows for interchangeable content, which makes it possible to change certain parts of the role-play giving it an agile nature. The packages also include additional materials, such as text scripts, presentations, and curated internet content to deepen the knowledge about cyber security attack techniques and mitigations. The predefined scenarios are created with the packages and were tested during the thesis.
It started with an analysis of existing products, we evaluated if any of them could be an exact fit for our purposes. Sadly, none of them fully met the requirements. So we then used them to draw inspiration for our product. After we defined how the game is going to be played and how the framework for content creation is structured, we started the process of content creation itself. For verification and improvements of the content, we established a process of peer-reviews, asked external educators for their opinions, and tested it with our target audience. The created content was finally verified with an acceptance test, the results of which allowed for final improvements to be made to the product.
The landscape of cybersecurity threats is ever-changing, and incident responders need to be trained with an adequately agile approach. Our product offers a solid framework that allows us to create, edit and change our scenarios to keep the simulation dynamic and tailor it to the user's needs. This allows us to provide an interactive learning experience that helps inexperienced students take their first steps in a simulated environment, or advanced students hone their skills.
Keywords: Instructional design, Cyber security simulation, Tabletop game, Game-based learning
Item Type: | Thesis (Other) |
---|---|
Subjects: | Topics > Software > Testing and Simulation Area of Application > Academic and Education Area of Application > Security |
Divisions: | Bachelor of Science FHO in Informatik > Bachelor Thesis |
Depositing User: | OST Deposit User |
Contributors: | Contribution Name Email Thesis advisor Weiler, Nathalie UNSPECIFIED |
Date Deposited: | 19 Sep 2022 07:38 |
Last Modified: | 19 Sep 2022 07:38 |
URI: | https://eprints.ost.ch/id/eprint/1063 |