Gamification of Security Awareness: Escape Rooms - Presented by Jamie Turner and David Luna of Texas Workforce Commission - Texas.gov
Who we are
JAMIE
• AIR FORCE VETERAN
• CYBERSECURITY ANALYST
• YOUTUBE ENTHUSIAST
• JAMIE.TURNER@TWC.STATE.TX.US
DAVID
• CISSP
• CYBERSECURITY ANALYST
• PUZZLE MASTER
• DAVID.LUNA@TWC.STATE.TX.US
Overview
• WHY DID WE DO THIS?
• WHAT’S AN ESCAPE ROOM?
• ACCESSIBILITY CONSIDERATIONS
• AWARENESS TRAINING THOUGHTS
• OUR ESCAPE ROOM
• GOALS FOR OUR AGENCY
• GAMIFIED CYBER SECURITY AWARENESS
• EMPLOYEE FEEDBACK
Why do we do this? Active vs Passive Learning
• DRIVERS ED = MANDATORY
• DEFENSIVE DRIVER TRAINING = PUNISHMENT
• BUMPER CARS = FUN
What is an Escape Room?
: a game in which participants confined to a room or other enclosed setting (such as a prison cell) are given a set amount of time to find a way to escape (as by discovering hidden clues and solving a series of riddles or puzzles). -Merriam Webster Definition
Things You May Already Know
• Data breaches are continuing to grow.
• Games are fun.
• Users on the frontlines are most vulnerable.
• Not enough training.
Misconceptions
“End users are the problem.”
• Instead, they are our first line of defense!
“Escape rooms are a waste of time.”
• A great way to test what users have learned.
• Allows for mixed division team building.
“You won’t get a ROI on an escape room.”
• Investing a small budget can save you thousands in a potential breach.
The Scenario
• A disgruntled ex-employee has infiltrated TWC.
• They have begun collecting data from the agency.
• Mission: Find the USB with the collected information.
Contents of our Escape Room Kit
• Folder that included Scenario and Rules
• Hint Cards
• Information for puzzles 1, 2, and 3
• Laptop
• Posters
• Decoys
• USBs
• Pouch with Lock attached
• Timer
• UV light/Pens
Time and Penalties
• 30-minute time slots
• 20-minute timer for game
• +1 minute penalty card
• +2 minute penalty card
Math: A Fan Favorite
Escape Room
[Flowchart of the puzzle flow. Steps shown: Solve Math; Use password to get to emails; Decode Poster; Use Math Answer to Unlock Pouch (locked pouch containing Admin password); Look through email to find the one non phishing email; Look through REAL email for the REAL code; Use cipher to decode the code; Pick the REAL USB; Plug in the correct USB to find out if you are correct. UV clues shown: Use Cipher, Use Poster, Fake Clue. The chart also marks several FAKE CODE branches, one REAL CODE branch, and a time estimate for each step.]
What did we Want to Teach?
• PHISHING
• DECRYPTION
• TEAMWORK
Phishing Example
Goals for our Agency
• INCREASING EMPLOYEE ENGAGEMENT
• AWARENESS FOR CYBERSECURITY MONTH
• TRAINING WHILE AVOIDING NEGATIVE CONSEQUENCES
Increase Employee Engagement
• Use of teams and leaderboards.
Make it Enjoyable for the Users
• Keep it short; under 30 minutes.
• Rewards instead of punishments.
• Minimum of two, max of five users per group.
• Keep the excitement level up.
• Every puzzle does not have to relate to security.
• Know your intended audience.
Users who “Broke Out”
The Wow Moment
• Users requesting more active learning like this.
• Users encouraging other employees to participate.
• Users truly understanding security concepts.
Feedback Received from Agency Employees
Resources and References
• We would like to give credit to Linda Ludwig of Grinnell College. Link to her Escape Room is here.
• Supplies available at our agency.
• $100
• Texas Administrative Code §202.24
• All escape room files will be available by contacting Jamie or David.
Questions?
Please feel free to contact us for escape room files or more information.
jamie.turner@twc.state.tx.us
david.luna@twc.state.tx.us