Nowadays, companies are increasingly using cloud-based platform for its convenience and flexibility. However, companies still need to protect their assets when deploying their infrastructure in the cloud. Over the last years, the number of cloud-specific vulnerabilities has been increasing. In this work, we introduce a serious game to help participants to understand the inherent risks, understand the different roles, and to encourage proactive defensive thinking. Our game includes an automated evaluator as a novel element. The players are invited to build defense plans and attack plans, which will be checked by the evaluator. We design the game and organize a trial-run in an industrial setting. Our preliminary results bring insight into the design of such a game, and constitute the first step in a research using design science.
@InProceedings{zhao_et_al:OASIcs.ICPEC.2021.11, author = {Zhao, Tiange and Gasiba, Tiago Espinha and Lechner, Ulrike and Pinto-Albuquerque, Maria}, title = {{Exploring a Board Game to Improve Cloud Security Training in Industry}}, booktitle = {Second International Computer Programming Education Conference (ICPEC 2021)}, pages = {11:1--11:8}, series = {Open Access Series in Informatics (OASIcs)}, ISBN = {978-3-95977-194-8}, ISSN = {2190-6807}, year = {2021}, volume = {91}, editor = {Henriques, Pedro Rangel and Portela, Filipe and Queir\'{o}s, Ricardo and Sim\~{o}es, Alberto}, publisher = {Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik}, address = {Dagstuhl, Germany}, URL = {https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.ICPEC.2021.11}, URN = {urn:nbn:de:0030-drops-142276}, doi = {10.4230/OASIcs.ICPEC.2021.11}, annote = {Keywords: cloud security, cloud control matrix, shared-responsibility model, industry, training, gamification} }
Feedback for Dagstuhl Publishing