The role of human factors in cybersecurity is an under-explored area that has a lot of potential towards mitigating attacks. As a result, an SLR that explored human factors in cybersecurity, focusing on phishing, revealed five key human factors that were persistent with phishing related attacks or issues. Based on the results of the SLR, further explorations into threat modelling were conducted to determine how to classify human factor related behaviour and the decisions that are likely behind them or lead towards human error. From here, this information was used to develop a human factor-centred threat model called STRIDE-HF that was implemented into a game called Another Week at the Office (AWATO). The results of further testing of AWATO revealed that is an effective tool for improving users awareness of good cybersecurity practices.
2022, 4th International Conference on HCI in Games, HCI in Games 2022 Held as Part of the 24th HCI International Conference, HCII 2022, Pages 508-529 (volume: 13334)
AWATO: A Serious Game to Improve Cybersecurity Awareness (04b Atto di convegno in volume)
Ferro L. S., Marrella A., Catarci T., Sapio F., Parenti A., DE SANTIS Matteo
ISBN: 978-3-031-05636-9; 978-3-031-05637-6