SlideShare ist ein Scribd-Unternehmen logo

Gamification and Security Talk

Jason Hong
Jason Hong

The document discusses gamification and its applications to security training. It provides examples of how activities in various domains like fitness, education and games have been gamified. For security training, it describes how games and platforms have been directly developed to gamify training or how training could be indirectly gamified through achievements, points systems and competitions. The effectiveness of gamification is mixed, with some studies showing initial positive results for training but potential for user boredom over time.

TechnologieBusiness
1 von 33
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Gamification and Security Jason Hong, PhD CTO and Co-Founder Wombat Security Technologies
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Today’s Topics • Non-Security Examples of Gamification – Give examples of diversity and range of ideas – Step back, talk about core ideas and mechanisms • Gamification for Security • Effectiveness of Gamification
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Lots of Examples of Gamification
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Turning Activity into a Game • http://www.thefuntheory.com/
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Turning Activity into a Game
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Turning Activity into a Game
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Indirectly Making Things into a Game
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Indirectly Making Things into a Game
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. World of Warcraft Achievements
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Extreme Lengths for Achievements • Car mechanic needed to add 40 more hours to the 50 he had already spent playing Perfect Dark Zero to earn the last achievements
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Coding Achievements in Visual Studio • Fun achievements – Lonely: Coding on Fri or Sat night – Potty Mouth: use five different curse words • Highlight “hidden” features – Extensions Junkie: install 5 extensions – Casual Observer: use debugging features – Cheater: use IntelliTrace Menu 10x
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Why Gamification? • Increased stickiness – Loyalty cards • Opening up possibilities, setting goals – Beer passport, Visual Studio achievements • Make boring activities fun – Piano stairs, FitBit, pedometer • Increased revenues – WoW for-pay steeds (showing off)
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. What Motivates People? • Social utility – Reciprocity – Identification with group – Altruism • External personal value – Reinforcement – Pay – Privilege – Reputation • Intrinsic value of task – Fun – Curiosity – Challenge
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Motivations and Gamification • Extrinsic – Publicly visible forms of reputation, rank – Prestige within a community – Privilege (special access, early access) • Intrinsic – Fun (make a boring activity fun) – Challenge (set high goals for oneself) • Social – Fun, chatting and socializing with others
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Example: . • Goal: Get mobility data from people, get people to go to cafés / stores / etc • Extrinsic – Publicly visible achievements – Points for going to unusual places – Discounts if mayor (sometimes) • Intrinsic – Makes going to places more fun – Learn more places in city
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Example: Visual Studio • Goal: Get people to learn more about and use features in Visual Studio • Extrinsic – Points (note that some fun ones offer 0 points, to disincentivize stupidity) • Intrinsic – Funny achievements – Joy of unexpected achievements
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Today’s Topics • Non-Security Examples of Gamification • Gamification for Security • Effectiveness of Gamification
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Gamifying Security • Direct – Anti-Phishing Phil – Security Training Platform – CyberCIEGE – Shostack's Elevation of Privilege Game • Indirect – ???
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Micro-Games for Cyber Security • Training doesn’t have to be long & boring • Micro game format, play for short time • Two-thirds of Americans played a video game in past six months • Not just young people – Average game player 35 years old – 25% of people over 50 play games • Not just males – 40% of casual gamers women
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Wombat’s Security Training Platform
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. CyberCIEGE • Users spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack • Free for US gov and educational, eval copy for other orgs
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Elevation of Privilege • Get your developers to think more about threat modeling – Spoofing – Tampering – Repudiation – Information Disclosure – Denial of Service • http://www.microsoft.com/security/sdl/adopt/eop.aspx
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Indirectly Gamifying Security • Not much work done here – Also not clear to me what a good angle of attack is • Turn security into a meta-game – Ex. Achievements for completing training? – Ex. Points for doing ongoing training (perhaps link with ability to spend points)? – Ex. Limit how far individuals can go (require social or group effort, similar to Farmville)? – Ex. Competition between groups in an org
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Effects of Gamification? • Phil, very good results with just 15 min of play – Over 100k people playing it in first month – Marked improvement (4517 people selected)
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Effects of Gamification? • In our studies of foursquare, major reasons for using it (in rough order of strength) – Badges and Fun – Social connection – Place discovery – Keeping track of places – A game you can play by yourself • Other research found people who check-in more correlated with more knowledge of city
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Effects of Gamification • Gamification not a panacea – Wii Fit found to be fun but not effective for family fitness (Scott Owens) – “Several recent studies have found that young people often grow bored with exergaming. Three months into a recent six-month study of the effects of a dance game, for instance, only 2 of the 21 children participating were still using the game at least twice a week.” (NYTimes) – “But there may be another, unexpected group for whom exergaming might be extremely beneficial: grandparents.”
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Summary • Lots of real-world examples of gamification – Directly turning something into a game – Indirectly offering game-like mechanisms • Motivations – Intrinsic, extrinsic, social • Gamification for security – A few examples, still in early stages – Not entirely clear yet what does and doesn’t work
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Extras
© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. MySecureCyberspace

Empfohlen

Jump higher exercise
Jump higher exerciseJump higher exercise
Jump higher exerciseHellen Meyer
 
Inaugural Addresses
Inaugural AddressesInaugural Addresses
Inaugural AddressesBooz Allen Hamilton
 
How to think like a startup
How to think like a startupHow to think like a startup
How to think like a startupLoic Le Meur
 
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your Business32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your BusinessBarry Feldman
 
Teaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakTeaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakShelly Sanchez Terrell
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerLuminary Labs
 
Intellectual Property for Startups
Intellectual Property for StartupsIntellectual Property for Startups
Intellectual Property for StartupsSenator Ihenyen
 
Protect Your Rights: Managing Intellectual Property Risks
Protect Your Rights: Managing Intellectual Property RisksProtect Your Rights: Managing Intellectual Property Risks
Protect Your Rights: Managing Intellectual Property RisksErin L. Webb
 

Empfohlen

Jump higher exercise
Jump higher exerciseJump higher exercise
Jump higher exerciseHellen Meyer
 
Inaugural Addresses
Inaugural AddressesInaugural Addresses
Inaugural AddressesBooz Allen Hamilton
 
How to think like a startup
How to think like a startupHow to think like a startup
How to think like a startupLoic Le Meur
 
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your Business32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your BusinessBarry Feldman
 
Teaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakTeaching Students with Emojis, Emoticons, & Textspeak
Teaching Students with Emojis, Emoticons, & TextspeakShelly Sanchez Terrell
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerLuminary Labs
 
Intellectual Property for Startups
Intellectual Property for StartupsIntellectual Property for Startups
Intellectual Property for StartupsSenator Ihenyen
 
Protect Your Rights: Managing Intellectual Property Risks
Protect Your Rights: Managing Intellectual Property RisksProtect Your Rights: Managing Intellectual Property Risks
Protect Your Rights: Managing Intellectual Property RisksErin L. Webb
 
Power center 10.4 getting started .pdf
Power center 10.4 getting started .pdfPower center 10.4 getting started .pdf
Power center 10.4 getting started .pdfVenkiInnConfUsion
 
iGCSE Theory Unit 6 – Effects of Using ICT
iGCSE Theory Unit 6 – Effects of Using ICTiGCSE Theory Unit 6 – Effects of Using ICT
iGCSE Theory Unit 6 – Effects of Using ICTjonspav
 
Adelphi consulting understanding film and intellectual property presentation ...
Adelphi consulting understanding film and intellectual property presentation ...Adelphi consulting understanding film and intellectual property presentation ...
Adelphi consulting understanding film and intellectual property presentation ...Adelphi Consulting
 
Protecting your business ideas including crowdfunding
Protecting your business ideas including crowdfundingProtecting your business ideas including crowdfunding
Protecting your business ideas including crowdfundingTraklight.com
 
Don’t Play with the Law
Don’t Play with the LawDon’t Play with the Law
Don’t Play with the LawSeriousGamesAssoc
 
Traklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight.com
 
Intel ISEF Symposium Protecting your Ideas
Intel ISEF Symposium Protecting your Ideas Intel ISEF Symposium Protecting your Ideas
Intel ISEF Symposium Protecting your Ideas Traklight.com
 
Empowering Your Users: Maximizing the Content Management Experience
Empowering Your Users: Maximizing the Content Management ExperienceEmpowering Your Users: Maximizing the Content Management Experience
Empowering Your Users: Maximizing the Content Management ExperienceJeffrey Rondeau
 
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverCybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverAmit Serper
 
Data Migration Approach to SAP ISU CRM ECC.pdf
Data Migration Approach to SAP ISU CRM ECC.pdfData Migration Approach to SAP ISU CRM ECC.pdf
Data Migration Approach to SAP ISU CRM ECC.pdfssuser97273c
 
Technology-protection
Technology-protectionTechnology-protection
Technology-protectionSoftware by silentsoul
 
Indigo vision company overview 2018
Indigo vision company overview 2018Indigo vision company overview 2018
Indigo vision company overview 2018Cartronic Group
 
44CON Hacking Enterprises
44CON Hacking Enterprises44CON Hacking Enterprises
44CON Hacking Enterprisesin.security Ltd.
 
500 Startups | IP 101 | Traklight
500 Startups | IP 101 | Traklight500 Startups | IP 101 | Traklight
500 Startups | IP 101 | TraklightTraklight.com
 
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...mfrancis
 
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...John Montes
 
Beyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesBeyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesZivaro Inc
 
Getting Started with IBM i Security
Getting Started with IBM i Security Getting Started with IBM i Security
Getting Started with IBM i Security HelpSystems
 
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...Mark Stiles
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Weitere ähnliche Inhalte

Ähnlich wie Gamification and Security Talk

Power center 10.4 getting started .pdf
Power center 10.4 getting started .pdfPower center 10.4 getting started .pdf
Power center 10.4 getting started .pdfVenkiInnConfUsion
 
iGCSE Theory Unit 6 – Effects of Using ICT
iGCSE Theory Unit 6 – Effects of Using ICTiGCSE Theory Unit 6 – Effects of Using ICT
iGCSE Theory Unit 6 – Effects of Using ICTjonspav
 
Adelphi consulting understanding film and intellectual property presentation ...
Adelphi consulting understanding film and intellectual property presentation ...Adelphi consulting understanding film and intellectual property presentation ...
Adelphi consulting understanding film and intellectual property presentation ...Adelphi Consulting
 
Protecting your business ideas including crowdfunding
Protecting your business ideas including crowdfundingProtecting your business ideas including crowdfunding
Protecting your business ideas including crowdfundingTraklight.com
 
Traklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight.com
 
Intel ISEF Symposium Protecting your Ideas
Intel ISEF Symposium Protecting your Ideas Intel ISEF Symposium Protecting your Ideas
Intel ISEF Symposium Protecting your Ideas Traklight.com
 
Empowering Your Users: Maximizing the Content Management Experience
Empowering Your Users: Maximizing the Content Management ExperienceEmpowering Your Users: Maximizing the Content Management Experience
Empowering Your Users: Maximizing the Content Management ExperienceJeffrey Rondeau
 
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverCybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverAmit Serper
 
Data Migration Approach to SAP ISU CRM ECC.pdf
Data Migration Approach to SAP ISU CRM ECC.pdfData Migration Approach to SAP ISU CRM ECC.pdf
Data Migration Approach to SAP ISU CRM ECC.pdfssuser97273c
 
Indigo vision company overview 2018
Indigo vision company overview 2018Indigo vision company overview 2018
Indigo vision company overview 2018Cartronic Group
 
500 Startups | IP 101 | Traklight
500 Startups | IP 101 | Traklight500 Startups | IP 101 | Traklight
500 Startups | IP 101 | TraklightTraklight.com
 
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...mfrancis
 
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...John Montes
 
Beyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesBeyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesZivaro Inc
 
Getting Started with IBM i Security
Getting Started with IBM i Security Getting Started with IBM i Security
Getting Started with IBM i Security HelpSystems
 
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...Mark Stiles
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howJoe McCray
 

Ähnlich wie Gamification and Security Talk (20)

Power center 10.4 getting started .pdf
Power center 10.4 getting started .pdfPower center 10.4 getting started .pdf
Power center 10.4 getting started .pdf
 
iGCSE Theory Unit 6 – Effects of Using ICT
iGCSE Theory Unit 6 – Effects of Using ICTiGCSE Theory Unit 6 – Effects of Using ICT
iGCSE Theory Unit 6 – Effects of Using ICT
 
Adelphi consulting understanding film and intellectual property presentation ...
Adelphi consulting understanding film and intellectual property presentation ...Adelphi consulting understanding film and intellectual property presentation ...
Adelphi consulting understanding film and intellectual property presentation ...
 
Protecting your business ideas including crowdfunding
Protecting your business ideas including crowdfundingProtecting your business ideas including crowdfunding
Protecting your business ideas including crowdfunding
 
Don’t Play with the Law
Don’t Play with the LawDon’t Play with the Law
Don’t Play with the Law
 
Traklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IPTraklight | 85 Broads How to Prepare for Funding | IP
Traklight | 85 Broads How to Prepare for Funding | IP
 
Intel ISEF Symposium Protecting your Ideas
Intel ISEF Symposium Protecting your Ideas Intel ISEF Symposium Protecting your Ideas
Intel ISEF Symposium Protecting your Ideas
 
Empowering Your Users: Maximizing the Content Management Experience
Empowering Your Users: Maximizing the Content Management ExperienceEmpowering Your Users: Maximizing the Content Management Experience
Empowering Your Users: Maximizing the Content Management Experience
 
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverCybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection server
 
Data Migration Approach to SAP ISU CRM ECC.pdf
Data Migration Approach to SAP ISU CRM ECC.pdfData Migration Approach to SAP ISU CRM ECC.pdf
Data Migration Approach to SAP ISU CRM ECC.pdf
 
Technology-protection
Technology-protectionTechnology-protection
Technology-protection
 
Indigo vision company overview 2018
Indigo vision company overview 2018Indigo vision company overview 2018
Indigo vision company overview 2018
 
44CON Hacking Enterprises
44CON Hacking Enterprises44CON Hacking Enterprises
44CON Hacking Enterprises
 
500 Startups | IP 101 | Traklight
500 Startups | IP 101 | Traklight500 Startups | IP 101 | Traklight
500 Startups | IP 101 | Traklight
 
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
OSGi Technology and IP-Based Video Surveillance in HomeSecurity, Access Contr...
 
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
Sitecore Symposium 2018 - Cooking Up Smart Product Recommendations for Siteco...
 
Beyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security TechnologiesBeyond the Phish with GTRI and Wombat Security Technologies
Beyond the Phish with GTRI and Wombat Security Technologies
 
Getting Started with IBM i Security
Getting Started with IBM i Security Getting Started with IBM i Security
Getting Started with IBM i Security
 
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
Sitecore Symposium 2018 - Supercharge Your Author Experience With Machine Lea...
 
So you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you howSo you wanna be a pentester - free webinar to show you how
So you wanna be a pentester - free webinar to show you how
 

Kürzlich hochgeladen

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 

Kürzlich hochgeladen (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 

Gamification and Security Talk

  • 1. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Gamification and Security Jason Hong, PhD CTO and Co-Founder Wombat Security Technologies
  • 2. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Today’s Topics • Non-Security Examples of Gamification – Give examples of diversity and range of ideas – Step back, talk about core ideas and mechanisms • Gamification for Security • Effectiveness of Gamification
  • 3. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Lots of Examples of Gamification
  • 4. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Turning Activity into a Game • http://www.thefuntheory.com/
  • 5. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Turning Activity into a Game
  • 6. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Turning Activity into a Game
  • 7. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Indirectly Making Things into a Game
  • 8. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Indirectly Making Things into a Game
  • 9. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. World of Warcraft Achievements
  • 10. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Extreme Lengths for Achievements • Car mechanic needed to add 40 more hours to the 50 he had already spent playing Perfect Dark Zero to earn the last achievements
  • 11. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Coding Achievements in Visual Studio • Fun achievements – Lonely: Coding on Fri or Sat night – Potty Mouth: use five different curse words • Highlight “hidden” features – Extensions Junkie: install 5 extensions – Casual Observer: use debugging features – Cheater: use IntelliTrace Menu 10x
  • 12. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Why Gamification? • Increased stickiness – Loyalty cards • Opening up possibilities, setting goals – Beer passport, Visual Studio achievements • Make boring activities fun – Piano stairs, FitBit, pedometer • Increased revenues – WoW for-pay steeds (showing off)
  • 13. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. What Motivates People? • Social utility – Reciprocity – Identification with group – Altruism • External personal value – Reinforcement – Pay – Privilege – Reputation • Intrinsic value of task – Fun – Curiosity – Challenge
  • 14. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Motivations and Gamification • Extrinsic – Publicly visible forms of reputation, rank – Prestige within a community – Privilege (special access, early access) • Intrinsic – Fun (make a boring activity fun) – Challenge (set high goals for oneself) • Social – Fun, chatting and socializing with others
  • 15. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Example: . • Goal: Get mobility data from people, get people to go to cafés / stores / etc • Extrinsic – Publicly visible achievements – Points for going to unusual places – Discounts if mayor (sometimes) • Intrinsic – Makes going to places more fun – Learn more places in city
  • 16. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Example: Visual Studio • Goal: Get people to learn more about and use features in Visual Studio • Extrinsic – Points (note that some fun ones offer 0 points, to disincentivize stupidity) • Intrinsic – Funny achievements – Joy of unexpected achievements
  • 17. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Today’s Topics • Non-Security Examples of Gamification • Gamification for Security • Effectiveness of Gamification
  • 18. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Directly Gamifying Security • Direct – Anti-Phishing Phil – Security Training Platform – CyberCIEGE – Shostack's Elevation of Privilege Game • Indirect – ???
  • 19. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Micro-Games for Cyber Security • Training doesn’t have to be long & boring • Micro game format, play for short time • Two-thirds of Americans played a video game in past six months • Not just young people – Average game player 35 years old – 25% of people over 50 play games • Not just males – 40% of casual gamers women
  • 20. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
  • 21. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
  • 22. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
  • 23. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Wombat’s Security Training Platform
  • 24. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. CyberCIEGE • Users spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack • Free for US gov and educational, eval copy for other orgs
  • 25. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.
  • 26. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Elevation of Privilege • Get your developers to think more about threat modeling – Spoofing – Tampering – Repudiation – Information Disclosure – Denial of Service • http://www.microsoft.com/security/sdl/adopt/eop.aspx
  • 27. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Indirectly Gamifying Security • Not much work done here – Also not clear to me what a good angle of attack is • Turn security into a meta-game – Ex. Achievements for completing training? – Ex. Points for doing ongoing training (perhaps link with ability to spend points)? – Ex. Limit how far individuals can go (require social or group effort, similar to Farmville)? – Ex. Competition between groups in an org
  • 28. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Effects of Gamification? • Phil, very good results with just 15 min of play – Over 100k people playing it in first month – Marked improvement (4517 people selected)
  • 29. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Effects of Gamification? • In our studies of foursquare, major reasons for using it (in rough order of strength) – Badges and Fun – Social connection – Place discovery – Keeping track of places – A game you can play by yourself • Other research found people who check-in more correlated with more knowledge of city
  • 30. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Effects of Gamification • Gamification not a panacea – Wii Fit found to be fun but not effective for family fitness (Scott Owens) – “Several recent studies have found that young people often grow bored with exergaming. Three months into a recent six-month study of the effects of a dance game, for instance, only 2 of the 21 children participating were still using the game at least twice a week.” (NYTimes) – “But there may be another, unexpected group for whom exergaming might be extremely beneficial: grandparents.”
  • 31. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Summary • Lots of real-world examples of gamification – Directly turning something into a game – Indirectly offering game-like mechanisms • Motivations – Intrinsic, extrinsic, social • Gamification for security – A few examples, still in early stages – Not entirely clear yet what does and doesn’t work
  • 32. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. Extras
  • 33. © Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc.© Wombat Security Technologies, Inc. All rights reserved. Wombat Security Technologies name, logo, PhishPatrol® and PhishGuru® are all trademarks of Wombat Security Technologies, Inc. MySecureCyberspace

Hinweis der Redaktion

  1. Picture from http://carolineasmussen.com/the-fun-theory/piano-staircase/
  2. Wii Fit
  3. FitBit and PedometerTurns an existing activity into a game
  4. Foursquare achievementsAlso turns an existing activity into a game, but also gives specific goals to achieve
  5. Some achievements are actually built into a game (and have points).Other achievements are ones that you can show off to others, e.g. rare items or rare mountsIn this case, Blizzard also turned this desire to show off into a business model, selling virtual items for real money (this is a picture of the Celestial Steed)
  6. http://gamestudies.org/1101/articles/jakobssonSome people get really obsessed with achievements
  7. http://www.geekwire.com/2012/coding-fun-microsofts-visual-studio-badges-leaderboard/
  8. Note that “paying people” is not here for extrinsic, as one of the mainpoints of gamification is to avoid paying peopleExamples of publicly visible forms of reputation and rank: leaderboards, badgesOther extrinsic motivators: currency
  9. People seem split about look and feel of Phil, so in our other training, we went for more corporate look
  10. http://cisr.nps.edu/cyberciege/
  11. Lindqvist et al, I'm the Mayor of My House: Examining Why People Use foursquareBentley et al, Drawing the City: Differing Perceptions of the Urban Environment
  12. http://www.weightymatters.ca/2010/02/bad-news-for-wii-fit-curing-childhood.htmlhttp://well.blogs.nytimes.com/2010/12/01/phys-ed-why-wii-fit-is-best-for-grandparents/?src=twt&twt=taraparkerpope