SlideShare a Scribd company logo

Corporate Cybersecurity: A Serious Game

T
Tatainteractive1

http://tatainteractive.com/ - A comprehensive cyber security-training program in an organization needs to be multi-tiered and nuanced to be effective. Tata Interactive Systems cybersecurity training curriculum leverages games and simulations to improve the profile of your business. It is also ideal for students who are currently working full-time and are aspiring cybersecurity professionals. TIS can help you to learn more, please visit!

Software
1 of 14
Download to read offline
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Corporate Cybersecurity: A Serious Game By Roohi Nazki Senior Consultant - Instructional Design
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Introduction The heavy cost of cyber crime and its exponential increase, year to year, are a source of grave and costly concern to the corporate world. Not only is the frequency of cyber attacks getting more and more alarming every year,the attacks themselves are scaling new heights of sophistication and stealth. A combination of these two factors is putting businesses at a serious disadvantage.As they are finding it more and more difficult to respond quickly to these security breaches.Research indicates that in 2012 it took a business 24 to 40 days to identify an attack and completely resolve it.Each cleanup is said to have cost $592,000. This cleanup cost shows a 42% increase from the average reported 2011 cleanup cost of $416,000. Cyber crime cost U.S. business $8.9 million in 2012.The cost showed an increase of 6% from 2011 and 38% from 2010.(2012 Cost of Cyber Crime Study).
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com BYOD The increasing trend of BYOD at work places is the trojan horse of the virtual world.All kinds of smart devices,including phones, are making their way into the workplace. With these devices having access to an organization’s networks,each one is virtually acting as a possoible gateway for attackers.In view of the physical proximity of these devices to secured data sources, Near Field Communication capabilities will be used in 2013 for combatting cyber crimes. Cybersecurity Landscape in 2013 Top Security Threats to Businesses in 2013 Insider Threat 70% of cyber security breaches occur due to the human factor or the “insider threat.” Research shows that nearly half of the employers worldwide rely on their trusting the employees not to access confidential data. However, the significant problem is unintentional and careless mistakes made by employees, owing to lack of awareness. Social Media Given its growing influence, especailly in online revenue oriented activities, social media will be the biggest source of cyber crime in the year to come. In 2013, social media sites will be the most targetted sites by cyber criminals looking for all kinds of personal, financial, and social security data. Socail networks like Facebook and LinkedIn can be misused for manipulating people into performing actions or divulging confidential information. Attackers are also increasing their use of social engineering, which has now moved to social networks such as Facebook and LinkedIn.
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Cloud Computing The increasing trend of cloud computing, wherein more companies put more information in public cloud services, is a big risk. These services can represent a single point of failure for the enterprise. For businesses, this means that security must continue to be an important part of the conversation they have with cloud providers,and the needs of the business should be made clear. HTML5 HTML5’s cross-platform support and integration of various technologies renders it vulnerable to attack. The newness of it means that attackers will be lying in wait for developers to make mistakes as they use it, and take advantage of the mistakes. Other threats that will concern businesses in the near future include the following:
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Types of Attacks in 2013 » Advanced Persistent Threat (APT) hacking attacks that use illegal means to get continuing and persistent access to exfiltration of data. » These high end attacks breach the organizational walls. » The newer versions of APTs are not only difficult to detect but also challeging to prevent with the help of standard practices.hence they need constantly innovating security systems. APTs » Ransomware is a type of malware. It is used for extortion. The attacker distributes malware that either encrypts the contents of a system or locks it.The attacker then demands money from the victim in exchange for releasing the data and/or unlocking the system. » There is no gurantee that the attacker wil release data or unlock the sysem once the payment is made.The integrity of the data remains a concernifaccessisrestored.Itisexpectedthat2013willseesuchtype of malware and delivery mechanisms become more sophisticated. Ransomware » Attacks carried out as cyber protests for politically or socially motivated purposes, or “just because they can” have increased, and are expected to continue in 2013. Common strategies used by hactivist groups include denial of service attacks and web-based attacks,such as SQL Injections. » Once a system is compromised,the attacker will harvest data,such as user credentials,to gain access to additional data,emails,credentials, credit card data and other sensitive information. Hactivism » Spear phishing is a deceptive communication, seeking to obtain unauthorized access to personal or sensitive data. It includes e-mail, text or tweet,targeting a specific individual.Spear phishing attempts are usually motivated by financial gain, trade secrets or sensitive information. Spear Phishing Attacks
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com What Options do Businesses Have? How can businesses lower their cyber crime-related costs? In the United States, businesses with the lowest relative cyber crime costs tend to have good information security governance programs, use some type of security intelligence and include training and education on cybersecurity for their employees. Cutting edge cybersecurity training, especially simulations and games,is slated to play the biggest and most effective role in stalling cyber crimes and minimizing its costs to businesses. Training to Change the Game The strongest cyber security systems cannot provide effective protection against cyber attacks because 70% of cyber security breaches occur due to the human factor or the ‘insider threat’. Employees represent the key to reducing the human error factor and improving general organizational cyber security. More than half of the reported breaches are caused by unintentional mistakes made by the employees. Security Intelligence Tools Cybersecurity Training - Simulations - Games Information Security Governance Programs Research by Interactive software training solution experts reveals that training can reduce employee’s susceptibility to security attacks by over 70%.
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com This is leading to a growing consensus – in government and in the private sector - that more training and education are needed as these lead to more responsible behavior. Visionary companies are moving from a reactive, defensive mode to a more pro-active approach,linking information security back to business strategy and putting in place mechanisms to ensure it. The TIS Promise TIS’bouquet of offerings in this area include the following: • TIS Cybersecurity Training Needs Consulting • TIS Cybersecurity Training Curriculum • TIS Cybersecurity Training Measurement TIS Cybersecurity Training Needs Consulting Entails: • Understanding key challenges associated with the specific infrastructure • Gathering analytics on an organization’s weaknesses • Identifying vulnerabilities that can be addressed through training • Interviews with multiple personnel related to the training including stakeholders,learners,and management Output: • A report or matrix,outlining training required,preferred/recommended and prioritization • A recommended mix of delivery modes like eLearning,ILT,and blends • A roadmap with milestones and expected dates for implementation of the curriculum and portal development phase Phase 1: Training Needs Consultancy Individualized,fact- gathering process that maps the systems,needs, and vulnerabilities of an organization to determine training requirements. Phase 2: Curriculum & Portal Development Training requirements are mapped to the various components of our umbrella-training curriculum to develop a customized training solution. Phase 3: Training Measurement As training rolls out,a measuring training & learning effectiveness consultancy is conducted to evaluate, analyze,and revisit the design.
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com TIS Cybersecurity Training Curriculum A comprehensive cyber security-training program in an organization needs to be multi-tiered and nuanced to be effective. It needs to take into account the types of users, their skill levels, work profiles and roles, and the security and IT infrastructure of the company. Besides developing a training curriculum, this phase also entails development of a portal for performance tracking. Entails: • Pedagogy Design and Assessment Strategy • Curriculum Outline • Prototype Development • Development of Storyboards and Assets • Development of Integrated Products • Portal Design and Integration Output: • WBTs and Learning Nuggets • Simulations and Games • ARGs and Virtual Labs • Mobile Apps • Portal and Performance Tracking Types of Solutions Our cybersecurity training curriculum leverages games and simulations to improve the cybersecurity profile of a business and move it away from a punitive and “check the box” mentality that unfortunately seems to inform most cybersecurity training initiatives at present. Traditional training has its limitations.When it comes to cyber security training these limitations become more pronounced. The varied user base, motivation levels of users but above all the dynamic and rapidly changing nature of the threats themselves demand an innovative and hands on approach to training. The pedagogy and design of our solutions delivers fun and engaging learning that allows the learner to be in control.
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Our cybersecurity curriculum includes the following: • Serious Games • Simulations • Gamification • Virtual Labs • Apps • Tournaments Serious Games & Simulations Games are powerful tools – of fun and learning. Cybersecurity training lends itself to this concept due to the nature of the subject matter.The average person will ignore or forget content from emails with security warnings or company lectures when it comes time to actually applying that knowledge. Serious games ensure a hands-on, non-scripted experience inside a realistic environment that fosters situational awareness, complex decision-making and attention to detail. Learner motivation and therefore the effectiveness of any training program soar if one is able to immerse learners in a game in which they play a critical role.Games are part of our curriculum for awareness,Compliance and Specialized training. Simulations Simulations are the most effective training format for cybersecurity training. The USP of a simulation is that it presents scenarios that challenge learners at just the right level and then pushes them to the kind of expertise they need to attain. Simulations are part of our curriculum for Compliance, Specialized and Policy training. Gamification Gamification is an excellent tool for cybersecurity awareness training as engaging security awareness training needs to be done in a non-threatening and non-challenging environment so that end-users feel less threatened to ask questions,are able to have open dialogue and increase their knowledge of how to protect online identities,as well as corporate information.Gamification is the
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com use of mechanics of gaming to nongame activities to change people’s behavior. It is an important and powerful new strategy for influencing and motivating groups of people. Micro-games with a cyber security awareness twist designed around key security threats like social engineering,password protection,phishing,malware etc., are an effective way to demystify cybersecurity and ensure performance improvements in responding to attacks and thereby reducing an organizations susceptibility to attack. Virtual Labs The application of virtualization technologies to the study of computer security has had the most significant impact through the development of specialized laboratories utilizing workstation or server based virtualization. Virtual labs support cybersecurity research and education,training,and awareness.The labs are characterized by innovation and variety. Virtual Labs are part of our curriculum for Specialized training. APPS Apps are addictive and ubiquitous. The ‘engagement quotient’ of Apps is very high. Almost every smartphone user uses some or the other App in their day- to-day life. They ensure appealing interactivity, heightened usability and user engagement. In the field of education and training too Apps are making a significant impact. Our App for cybersecurity training uses these features to its advantage. Apps are part of each component in our cybersecurity curriculum.They provide performance support and ongoing refresher learning support. TIS Cybersecurity Training Measurement Consultancy Entails: • Analyzing and examining Level 1 effectiveness reports and data from portal and checking the levels of participant satisfaction • Analyzing and utilizing Level 2 effectiveness reports and data, including performance reports from the LMS to check the levels of effectiveness in post-training phase • Identifying potential courses and sample sizes for piloting effectiveness cycles for Levels 1 through 5
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Output: • A consistent and uniform approach to learning effectiveness through implementation of level 1-5 measures. • Set of scorecards that would contain the key data from levels 1-3 (eventually Levels 4 and 5 as well) showing critical data from the detailed program level to the L&D summary level • Responsibility matrix for database, ensuring data & scorecard integrity &integration,tracking progress against the goals • Survey and data collection instruments that would assist in implementing the 5 levels of learning effectiveness TIS Case Study UMUC: Master of Science in Cybersecurity Day in the Life: A Dynamic Cybersecurity Simulation Solution Test Drive your WorkdayToday The Client Founded in 1947,University of Maryland University College (UMUC) is one of 11 accredited, degree-granting institutions in the University System of Maryland (USM). Offering a broad range of cutting-edge classes, UMUC has earned a global reputation for excellence as a comprehensive virtual university and for focusing on the unique educational and professional development needs of adult students. Headquartered in Adelphi, Maryland, UMUC has classroom locations in the Washington, D.C., metropolitan area, Europe, and Asia, and provides award-winning online classes to students worldwide. At the University of Maryland University College, we engaged TIS to assist us with the development of media and learning objects in support of a very large and strategically important online program in cybersecurity. We have been very pleased with TIS’s work on this project. The synergies between their team and our faculty and staff have been excellent. Their technical expertise and ability to scale are impressive. They have delivered high-end course development of which we are very proud, and they have accomplished this on time and within budget. Greg von Lehmen, Ph.D Provost UMUC
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Training Need The Day in the Life module was developed as part of a larger training program for UMUC. UMUC offers Bachelor’s and Master’s degrees in Cybersecurity, through a course that is completely online. Students who are currently working full-time can thus take this course while keeping their jobs, enabling them to apply for cybersecurity job roles. UMUC felt that while the standard web-based training approach was of merit, learners also needed to relate their cybersecurity learning to the real world. With this in mind, UMUC desired a simulation-based approach that learners could play towards the end of the course. Figure 1:Welcome:The learner is introduced to the simulation. Learning Gaps/Problems To identify any shortcomings and gaps in learning, the TIS team engaged in a discussion with the stakeholders at UMUC to identify learning gaps of students. The issues that came across were: • Inability to map cybersecurity issues learnt online to actual issues in the real-life job • Managing people is part of good cybersecurity; handling them correctly is difficult to learn from web-based training alone • Lack of a ‘fun’ aspect to learning cybersecurity; learners needed a break from a rigorous online course schedule
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Figure 2:Colleague Profiles:The learner is introduced to the people that they’ll work with. Design Thinking TIS professionals then used these findings to drive the design thinking,with the following objectives being used to design the solution: 1. Ground the students in the day-to-day responsibilities of a cybersecurity professional. 2. Test their ability to make decisions related to cybersecurity. 3. Engage them in the solution for better learning by introducing elements of prioritization, time pressure, and immediate real-life feedback through e-mails,phone calls,and face-to-face conversations. 4. Apprise them of the consequences of botched decisions through the use of appropriately delivered feedback Figure 3: A Scenario-related Call: Learners are asked to navigate scenarios based on e-mails, calls,or face-to-face conversations
© 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Sources References: http://www.forbes.com 2012 Cost of Cyber Crime Study http://www.ponemon.org/library/2012-cost-of-cyber-crime-study

Recommended

idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams Arun Chinnaraju MBA, PMP, CSM, CSPO, SA
 
September 2019 part 9
September 2019 part 9September 2019 part 9
September 2019 part 9seadeloitte
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementseadeloitte
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
June 2017 - Your Biggest Risk Could Be You
June 2017 - Your Biggest Risk Could Be YouJune 2017 - Your Biggest Risk Could Be You
June 2017 - Your Biggest Risk Could Be Youseadeloitte
 

Recommended

idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams Arun Chinnaraju MBA, PMP, CSM, CSPO, SA
 
September 2019 part 9
September 2019 part 9September 2019 part 9
September 2019 part 9seadeloitte
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementseadeloitte
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
June 2017 - Your Biggest Risk Could Be You
June 2017 - Your Biggest Risk Could Be YouJune 2017 - Your Biggest Risk Could Be You
June 2017 - Your Biggest Risk Could Be Youseadeloitte
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 securityat MicroFocus Italy ❖✔
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
Account Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionAccount Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionKalin Hitrov
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResilienceIan-Edward Stafrace
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
Building your-dream-cyber-team
Building your-dream-cyber-teamBuilding your-dream-cyber-team
Building your-dream-cyber-teamKleomenis Symeon
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 

More Related Content

What's hot

Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationNexon Asia Pacific
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
Account Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionAccount Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionKalin Hitrov
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
Building your-dream-cyber-team
Building your-dream-cyber-teamBuilding your-dream-cyber-team
Building your-dream-cyber-teamKleomenis Symeon
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-StudyTam Nguyen
 

What's hot (20)

Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 
Whitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformationWhitepaper | Cyber resilience in the age of digital transformation
Whitepaper | Cyber resilience in the age of digital transformation
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
Account Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionAccount Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full Protection
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
 
Building your-dream-cyber-team
Building your-dream-cyber-teamBuilding your-dream-cyber-team
Building your-dream-cyber-team
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study
 

Similar to Corporate Cybersecurity: A Serious Game

White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docx8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docxArindamGhosal6
 
Best Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docxBest Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docxArindamGhosal6
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCybAnastaciaShadelb
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeNishantSisodiya
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfHow Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfEnterprise Insider
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Discussion 1 Importance of Technology Security EducationToday t.docx
Discussion 1 Importance of Technology Security EducationToday t.docxDiscussion 1 Importance of Technology Security EducationToday t.docx
Discussion 1 Importance of Technology Security EducationToday t.docxcuddietheresa
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 

Similar to Corporate Cybersecurity: A Serious Game (20)

White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docx8Cyber security courses in Bangladesh.docx
8Cyber security courses in Bangladesh.docx
 
Best Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docxBest Cyber Security Courses In Bangladesh.docx
Best Cyber Security Courses In Bangladesh.docx
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..
 
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdfHow Enterprises Can Strengthen Their Threat Detection and Response.pdf
How Enterprises Can Strengthen Their Threat Detection and Response.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Discussion 1 Importance of Technology Security EducationToday t.docx
Discussion 1 Importance of Technology Security EducationToday t.docxDiscussion 1 Importance of Technology Security EducationToday t.docx
Discussion 1 Importance of Technology Security EducationToday t.docx
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 

Recently uploaded

Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 

Recently uploaded (20)

Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 

Corporate Cybersecurity: A Serious Game

  • 1. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Corporate Cybersecurity: A Serious Game By Roohi Nazki Senior Consultant - Instructional Design
  • 2. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Introduction The heavy cost of cyber crime and its exponential increase, year to year, are a source of grave and costly concern to the corporate world. Not only is the frequency of cyber attacks getting more and more alarming every year,the attacks themselves are scaling new heights of sophistication and stealth. A combination of these two factors is putting businesses at a serious disadvantage.As they are finding it more and more difficult to respond quickly to these security breaches.Research indicates that in 2012 it took a business 24 to 40 days to identify an attack and completely resolve it.Each cleanup is said to have cost $592,000. This cleanup cost shows a 42% increase from the average reported 2011 cleanup cost of $416,000. Cyber crime cost U.S. business $8.9 million in 2012.The cost showed an increase of 6% from 2011 and 38% from 2010.(2012 Cost of Cyber Crime Study).
  • 3. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com BYOD The increasing trend of BYOD at work places is the trojan horse of the virtual world.All kinds of smart devices,including phones, are making their way into the workplace. With these devices having access to an organization’s networks,each one is virtually acting as a possoible gateway for attackers.In view of the physical proximity of these devices to secured data sources, Near Field Communication capabilities will be used in 2013 for combatting cyber crimes. Cybersecurity Landscape in 2013 Top Security Threats to Businesses in 2013 Insider Threat 70% of cyber security breaches occur due to the human factor or the “insider threat.” Research shows that nearly half of the employers worldwide rely on their trusting the employees not to access confidential data. However, the significant problem is unintentional and careless mistakes made by employees, owing to lack of awareness. Social Media Given its growing influence, especailly in online revenue oriented activities, social media will be the biggest source of cyber crime in the year to come. In 2013, social media sites will be the most targetted sites by cyber criminals looking for all kinds of personal, financial, and social security data. Socail networks like Facebook and LinkedIn can be misused for manipulating people into performing actions or divulging confidential information. Attackers are also increasing their use of social engineering, which has now moved to social networks such as Facebook and LinkedIn.
  • 4. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Cloud Computing The increasing trend of cloud computing, wherein more companies put more information in public cloud services, is a big risk. These services can represent a single point of failure for the enterprise. For businesses, this means that security must continue to be an important part of the conversation they have with cloud providers,and the needs of the business should be made clear. HTML5 HTML5’s cross-platform support and integration of various technologies renders it vulnerable to attack. The newness of it means that attackers will be lying in wait for developers to make mistakes as they use it, and take advantage of the mistakes. Other threats that will concern businesses in the near future include the following:
  • 5. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Types of Attacks in 2013 » Advanced Persistent Threat (APT) hacking attacks that use illegal means to get continuing and persistent access to exfiltration of data. » These high end attacks breach the organizational walls. » The newer versions of APTs are not only difficult to detect but also challeging to prevent with the help of standard practices.hence they need constantly innovating security systems. APTs » Ransomware is a type of malware. It is used for extortion. The attacker distributes malware that either encrypts the contents of a system or locks it.The attacker then demands money from the victim in exchange for releasing the data and/or unlocking the system. » There is no gurantee that the attacker wil release data or unlock the sysem once the payment is made.The integrity of the data remains a concernifaccessisrestored.Itisexpectedthat2013willseesuchtype of malware and delivery mechanisms become more sophisticated. Ransomware » Attacks carried out as cyber protests for politically or socially motivated purposes, or “just because they can” have increased, and are expected to continue in 2013. Common strategies used by hactivist groups include denial of service attacks and web-based attacks,such as SQL Injections. » Once a system is compromised,the attacker will harvest data,such as user credentials,to gain access to additional data,emails,credentials, credit card data and other sensitive information. Hactivism » Spear phishing is a deceptive communication, seeking to obtain unauthorized access to personal or sensitive data. It includes e-mail, text or tweet,targeting a specific individual.Spear phishing attempts are usually motivated by financial gain, trade secrets or sensitive information. Spear Phishing Attacks
  • 6. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com What Options do Businesses Have? How can businesses lower their cyber crime-related costs? In the United States, businesses with the lowest relative cyber crime costs tend to have good information security governance programs, use some type of security intelligence and include training and education on cybersecurity for their employees. Cutting edge cybersecurity training, especially simulations and games,is slated to play the biggest and most effective role in stalling cyber crimes and minimizing its costs to businesses. Training to Change the Game The strongest cyber security systems cannot provide effective protection against cyber attacks because 70% of cyber security breaches occur due to the human factor or the ‘insider threat’. Employees represent the key to reducing the human error factor and improving general organizational cyber security. More than half of the reported breaches are caused by unintentional mistakes made by the employees. Security Intelligence Tools Cybersecurity Training - Simulations - Games Information Security Governance Programs Research by Interactive software training solution experts reveals that training can reduce employee’s susceptibility to security attacks by over 70%.
  • 7. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com This is leading to a growing consensus – in government and in the private sector - that more training and education are needed as these lead to more responsible behavior. Visionary companies are moving from a reactive, defensive mode to a more pro-active approach,linking information security back to business strategy and putting in place mechanisms to ensure it. The TIS Promise TIS’bouquet of offerings in this area include the following: • TIS Cybersecurity Training Needs Consulting • TIS Cybersecurity Training Curriculum • TIS Cybersecurity Training Measurement TIS Cybersecurity Training Needs Consulting Entails: • Understanding key challenges associated with the specific infrastructure • Gathering analytics on an organization’s weaknesses • Identifying vulnerabilities that can be addressed through training • Interviews with multiple personnel related to the training including stakeholders,learners,and management Output: • A report or matrix,outlining training required,preferred/recommended and prioritization • A recommended mix of delivery modes like eLearning,ILT,and blends • A roadmap with milestones and expected dates for implementation of the curriculum and portal development phase Phase 1: Training Needs Consultancy Individualized,fact- gathering process that maps the systems,needs, and vulnerabilities of an organization to determine training requirements. Phase 2: Curriculum & Portal Development Training requirements are mapped to the various components of our umbrella-training curriculum to develop a customized training solution. Phase 3: Training Measurement As training rolls out,a measuring training & learning effectiveness consultancy is conducted to evaluate, analyze,and revisit the design.
  • 8. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com TIS Cybersecurity Training Curriculum A comprehensive cyber security-training program in an organization needs to be multi-tiered and nuanced to be effective. It needs to take into account the types of users, their skill levels, work profiles and roles, and the security and IT infrastructure of the company. Besides developing a training curriculum, this phase also entails development of a portal for performance tracking. Entails: • Pedagogy Design and Assessment Strategy • Curriculum Outline • Prototype Development • Development of Storyboards and Assets • Development of Integrated Products • Portal Design and Integration Output: • WBTs and Learning Nuggets • Simulations and Games • ARGs and Virtual Labs • Mobile Apps • Portal and Performance Tracking Types of Solutions Our cybersecurity training curriculum leverages games and simulations to improve the cybersecurity profile of a business and move it away from a punitive and “check the box” mentality that unfortunately seems to inform most cybersecurity training initiatives at present. Traditional training has its limitations.When it comes to cyber security training these limitations become more pronounced. The varied user base, motivation levels of users but above all the dynamic and rapidly changing nature of the threats themselves demand an innovative and hands on approach to training. The pedagogy and design of our solutions delivers fun and engaging learning that allows the learner to be in control.
  • 9. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Our cybersecurity curriculum includes the following: • Serious Games • Simulations • Gamification • Virtual Labs • Apps • Tournaments Serious Games & Simulations Games are powerful tools – of fun and learning. Cybersecurity training lends itself to this concept due to the nature of the subject matter.The average person will ignore or forget content from emails with security warnings or company lectures when it comes time to actually applying that knowledge. Serious games ensure a hands-on, non-scripted experience inside a realistic environment that fosters situational awareness, complex decision-making and attention to detail. Learner motivation and therefore the effectiveness of any training program soar if one is able to immerse learners in a game in which they play a critical role.Games are part of our curriculum for awareness,Compliance and Specialized training. Simulations Simulations are the most effective training format for cybersecurity training. The USP of a simulation is that it presents scenarios that challenge learners at just the right level and then pushes them to the kind of expertise they need to attain. Simulations are part of our curriculum for Compliance, Specialized and Policy training. Gamification Gamification is an excellent tool for cybersecurity awareness training as engaging security awareness training needs to be done in a non-threatening and non-challenging environment so that end-users feel less threatened to ask questions,are able to have open dialogue and increase their knowledge of how to protect online identities,as well as corporate information.Gamification is the
  • 10. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com use of mechanics of gaming to nongame activities to change people’s behavior. It is an important and powerful new strategy for influencing and motivating groups of people. Micro-games with a cyber security awareness twist designed around key security threats like social engineering,password protection,phishing,malware etc., are an effective way to demystify cybersecurity and ensure performance improvements in responding to attacks and thereby reducing an organizations susceptibility to attack. Virtual Labs The application of virtualization technologies to the study of computer security has had the most significant impact through the development of specialized laboratories utilizing workstation or server based virtualization. Virtual labs support cybersecurity research and education,training,and awareness.The labs are characterized by innovation and variety. Virtual Labs are part of our curriculum for Specialized training. APPS Apps are addictive and ubiquitous. The ‘engagement quotient’ of Apps is very high. Almost every smartphone user uses some or the other App in their day- to-day life. They ensure appealing interactivity, heightened usability and user engagement. In the field of education and training too Apps are making a significant impact. Our App for cybersecurity training uses these features to its advantage. Apps are part of each component in our cybersecurity curriculum.They provide performance support and ongoing refresher learning support. TIS Cybersecurity Training Measurement Consultancy Entails: • Analyzing and examining Level 1 effectiveness reports and data from portal and checking the levels of participant satisfaction • Analyzing and utilizing Level 2 effectiveness reports and data, including performance reports from the LMS to check the levels of effectiveness in post-training phase • Identifying potential courses and sample sizes for piloting effectiveness cycles for Levels 1 through 5
  • 11. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Output: • A consistent and uniform approach to learning effectiveness through implementation of level 1-5 measures. • Set of scorecards that would contain the key data from levels 1-3 (eventually Levels 4 and 5 as well) showing critical data from the detailed program level to the L&D summary level • Responsibility matrix for database, ensuring data & scorecard integrity &integration,tracking progress against the goals • Survey and data collection instruments that would assist in implementing the 5 levels of learning effectiveness TIS Case Study UMUC: Master of Science in Cybersecurity Day in the Life: A Dynamic Cybersecurity Simulation Solution Test Drive your WorkdayToday The Client Founded in 1947,University of Maryland University College (UMUC) is one of 11 accredited, degree-granting institutions in the University System of Maryland (USM). Offering a broad range of cutting-edge classes, UMUC has earned a global reputation for excellence as a comprehensive virtual university and for focusing on the unique educational and professional development needs of adult students. Headquartered in Adelphi, Maryland, UMUC has classroom locations in the Washington, D.C., metropolitan area, Europe, and Asia, and provides award-winning online classes to students worldwide. At the University of Maryland University College, we engaged TIS to assist us with the development of media and learning objects in support of a very large and strategically important online program in cybersecurity. We have been very pleased with TIS’s work on this project. The synergies between their team and our faculty and staff have been excellent. Their technical expertise and ability to scale are impressive. They have delivered high-end course development of which we are very proud, and they have accomplished this on time and within budget. Greg von Lehmen, Ph.D Provost UMUC
  • 12. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Training Need The Day in the Life module was developed as part of a larger training program for UMUC. UMUC offers Bachelor’s and Master’s degrees in Cybersecurity, through a course that is completely online. Students who are currently working full-time can thus take this course while keeping their jobs, enabling them to apply for cybersecurity job roles. UMUC felt that while the standard web-based training approach was of merit, learners also needed to relate their cybersecurity learning to the real world. With this in mind, UMUC desired a simulation-based approach that learners could play towards the end of the course. Figure 1:Welcome:The learner is introduced to the simulation. Learning Gaps/Problems To identify any shortcomings and gaps in learning, the TIS team engaged in a discussion with the stakeholders at UMUC to identify learning gaps of students. The issues that came across were: • Inability to map cybersecurity issues learnt online to actual issues in the real-life job • Managing people is part of good cybersecurity; handling them correctly is difficult to learn from web-based training alone • Lack of a ‘fun’ aspect to learning cybersecurity; learners needed a break from a rigorous online course schedule
  • 13. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Figure 2:Colleague Profiles:The learner is introduced to the people that they’ll work with. Design Thinking TIS professionals then used these findings to drive the design thinking,with the following objectives being used to design the solution: 1. Ground the students in the day-to-day responsibilities of a cybersecurity professional. 2. Test their ability to make decisions related to cybersecurity. 3. Engage them in the solution for better learning by introducing elements of prioritization, time pressure, and immediate real-life feedback through e-mails,phone calls,and face-to-face conversations. 4. Apprise them of the consequences of botched decisions through the use of appropriately delivered feedback Figure 3: A Scenario-related Call: Learners are asked to navigate scenarios based on e-mails, calls,or face-to-face conversations
  • 14. © 2013 Tata Interactive Systems. All right reserved. www.tatainteractive.com Sources References: http://www.forbes.com 2012 Cost of Cyber Crime Study http://www.ponemon.org/library/2012-cost-of-cyber-crime-study