Users are the most vulnerable link if information systems security, probably because the level of security awareness is extremely poor. Most security awareness programs fail, because they focus on pushing information to people who are less than enthusiastic about receiving it. A properly designed awareness program doesn’t have to be that way, however most programs seem to focus on meeting compliance requirements than actually changing behaviors. Gamification is the practice of applying game principles to business problems; it is not developing a video game. By gamifying security awareness, your users want to practice good security behaviors and voluntarily seek out additional security related training.
This presentation will discuss how to create security awareness programs, and implement gamification techniques that actually make security awareness fun for people. Actual examples of successful gamification techniques will be presented.