Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study

Investor logo

Warning

This publication doesn't include Faculty of Arts. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

MACÁK Martin BOJNÁK Štefan BÜHNOVÁ Barbora

Year of publication 2021
Type Article in Proceedings
Conference Proceedings of the 16th Conference on Computer Science and Intelligence Systems
MU Faculty or unit

Faculty of Informatics

Citation
Web https://ieeexplore.ieee.org/abstract/document/9555700
Doi http://dx.doi.org/10.15439/2021F85
Keywords insider attack; process mining; security; unintentional perpetrator; attack vector; case study
Description In our digital era, insider attacks are among the serious underresearched areas of the cybersecurity landscape. A significant type of insider attack is facilitated by employees without malicious intent. They are called unintentional perpetrators. We proposed mitigating these threats using a simulation-game platform to detect the potential attack vectors. This paper introduces and implements a scenario that demonstrates the usability of this approach in a case study. This work also helps to understand players' behavior when they are not told upfront that they will be a target of social engineering attacks. Furthermore, we provide relevant acquired observations for future research.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.