MalAware: A tabletop exercise for malware security awareness education and incident response training
Advancements in technology, including the Internet of Things (IoT) revolution, have enabled individuals and businesses to use systems and devices that connect, exchange data, and provide real-time information from far and near. Despite that, this interconnectivity and data sharing between systems an...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
KeAi Communications Co., Ltd.
2024-01-01
|
| Series: | Internet of Things and Cyber-Physical Systems |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2667345224000063 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832585047895441408 |
|---|---|
| author | Giddeon Angafor Iryna Yevseyeva Leandros Maglaras |
| author_facet | Giddeon Angafor Iryna Yevseyeva Leandros Maglaras |
| author_sort | Giddeon Angafor |
| collection | DOAJ |
| description | Advancements in technology, including the Internet of Things (IoT) revolution, have enabled individuals and businesses to use systems and devices that connect, exchange data, and provide real-time information from far and near. Despite that, this interconnectivity and data sharing between systems and devices over the internet poses security and privacy risks as threat actors can intercept, steal, and use owners’ data for nefarious purposes. This paper discusses ’MalAware’, a ‘Malware Awareness Education’ and incident response (IR) scenario-based tabletop exercise and card game for malware threat mitigation training. It introduces the importance of incident management, highlights the dangers posed by malware for connected systems, and outlines the role of tabletop games and exercises in helping businesses mature their malware incident response capabilities. The study discusses the design of MalAware and summarises the results of 2 pilots undertaken to assess the concept, maintaining that the results highlighted the value of ‘MalAware’ as an essential tool to help students and staff master how to mitigate security threats caused by malware. It argues that MalAware can assist businesses in their IR preparedness endeavors, enabling incident management teams to review plans and processes to ensure they are fit for purpose. It enables staff to leverage scenario-based and simulated security breach examples, including role-play, to establish appropriate malware defences. MalAware’s practical hands-on exercises can assist trainees in gaining essential malware and other threat mitigation skills, helping to protect the security and privacy of IoTs. |
| format | Article |
| id | doaj-art-156d08f876324331862183531de61555 |
| institution | Kabale University |
| issn | 2667-3452 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | KeAi Communications Co., Ltd. |
| record_format | Article |
| series | Internet of Things and Cyber-Physical Systems |
| spelling | doaj-art-156d08f876324331862183531de615552025-01-27T04:22:37ZengKeAi Communications Co., Ltd.Internet of Things and Cyber-Physical Systems2667-34522024-01-014280292MalAware: A tabletop exercise for malware security awareness education and incident response trainingGiddeon Angafor0Iryna Yevseyeva1Leandros Maglaras2School of Computer Science and Informatics, De Montfort University, Leicester, UKSchool of Computer Science and Informatics, De Montfort University, Leicester, UKSchool of Computing, Edinburgh Napier University, Edinburgh, UKAdvancements in technology, including the Internet of Things (IoT) revolution, have enabled individuals and businesses to use systems and devices that connect, exchange data, and provide real-time information from far and near. Despite that, this interconnectivity and data sharing between systems and devices over the internet poses security and privacy risks as threat actors can intercept, steal, and use owners’ data for nefarious purposes. This paper discusses ’MalAware’, a ‘Malware Awareness Education’ and incident response (IR) scenario-based tabletop exercise and card game for malware threat mitigation training. It introduces the importance of incident management, highlights the dangers posed by malware for connected systems, and outlines the role of tabletop games and exercises in helping businesses mature their malware incident response capabilities. The study discusses the design of MalAware and summarises the results of 2 pilots undertaken to assess the concept, maintaining that the results highlighted the value of ‘MalAware’ as an essential tool to help students and staff master how to mitigate security threats caused by malware. It argues that MalAware can assist businesses in their IR preparedness endeavors, enabling incident management teams to review plans and processes to ensure they are fit for purpose. It enables staff to leverage scenario-based and simulated security breach examples, including role-play, to establish appropriate malware defences. MalAware’s practical hands-on exercises can assist trainees in gaining essential malware and other threat mitigation skills, helping to protect the security and privacy of IoTs.http://www.sciencedirect.com/science/article/pii/S2667345224000063MalwareTabletop exerciseSecurity awarenessIncident responseTrainingInternet of things |
| spellingShingle | Giddeon Angafor Iryna Yevseyeva Leandros Maglaras MalAware: A tabletop exercise for malware security awareness education and incident response training Internet of Things and Cyber-Physical Systems Malware Tabletop exercise Security awareness Incident response Training Internet of things |
| title | MalAware: A tabletop exercise for malware security awareness education and incident response training |
| title_full | MalAware: A tabletop exercise for malware security awareness education and incident response training |
| title_fullStr | MalAware: A tabletop exercise for malware security awareness education and incident response training |
| title_full_unstemmed | MalAware: A tabletop exercise for malware security awareness education and incident response training |
| title_short | MalAware: A tabletop exercise for malware security awareness education and incident response training |
| title_sort | malaware a tabletop exercise for malware security awareness education and incident response training |
| topic | Malware Tabletop exercise Security awareness Incident response Training Internet of things |
| url | http://www.sciencedirect.com/science/article/pii/S2667345224000063 |
| work_keys_str_mv | AT giddeonangafor malawareatabletopexerciseformalwaresecurityawarenesseducationandincidentresponsetraining AT irynayevseyeva malawareatabletopexerciseformalwaresecurityawarenesseducationandincidentresponsetraining AT leandrosmaglaras malawareatabletopexerciseformalwaresecurityawarenesseducationandincidentresponsetraining |