An Effective Immersive Cyber Security Awareness Learning Platform for Businesses in the Hospitality Sector

2017 IEEE 25th International Requirements Engineering Conference Workshops (REW) Pub Date : 2017-09-01 DOI:10.1109/REW.2017.47

John Holdsworth, E. Apeh

{"title":"An Effective Immersive Cyber Security Awareness Learning Platform for Businesses in the Hospitality Sector","authors":"John Holdsworth, E. Apeh","doi":"10.1109/REW.2017.47","DOIUrl":null,"url":null,"abstract":"The rapid digitalisation of the hospitality industry over recent years has brought forth many new points of attack for consideration. The hasty implementation of these systems has created a reality in which businesses are using the technical solutions, but employees have very little awareness when it comes to the threats and implications that they might present. This gap in awareness is further compounded by the existence of preestablished, often rigid, cultures that drive how hospitality businesses operate. Potential attackers are recognising this and the last two years have seen a huge increase in cyber-attacks within the sector.Attempts at addressing the increasing threats have taken the form of technical solutions such as encryption, access control, CCTV, etc. However, a high majority of security breaches can be directly attributed to human error. It is therefore necessary that measures for addressing the rising trend of cyber-attacks go beyond just providing technical solutions and make provision for educating employees about how to address the human elements of security. Inculcating security awareness amongst hospitality employees will provide a foundation upon which a culture of security can be created to promote the seamless and secured interaction of hotel users and technology.One way that the hospitality industry has tried to solve the awareness issue is through their current paper-based training. This is unengaging, expensive and presents limited ways to deploy, monitor and evaluate the impact and effectiveness of the content. This leads to cycles of constant training, making it very hard to initiate awareness, particularly within those on minimum waged, short-term job roles.This paper presents a structured approach for eliciting industry requirement for developing and implementing an immersive Cyber Security Awareness learning platform. It used a series of over 40 interviews and threat analysis of the hospitality industry to identify the requirements for designing and implementing cyber security program which encourage engagement through a cycle of reward and recognition. In particular, the need for the use of gamification elements to provide an engaging but gentle way of educating those with little or no desire to learn was identified and implemented. Also presented is a method for guiding and monitoring the impact of their employee’s progress through the learning management system whilst monitoring the levels of engagement and positive impact the training is having on the business.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/REW.2017.47","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

The rapid digitalisation of the hospitality industry over recent years has brought forth many new points of attack for consideration. The hasty implementation of these systems has created a reality in which businesses are using the technical solutions, but employees have very little awareness when it comes to the threats and implications that they might present. This gap in awareness is further compounded by the existence of preestablished, often rigid, cultures that drive how hospitality businesses operate. Potential attackers are recognising this and the last two years have seen a huge increase in cyber-attacks within the sector.Attempts at addressing the increasing threats have taken the form of technical solutions such as encryption, access control, CCTV, etc. However, a high majority of security breaches can be directly attributed to human error. It is therefore necessary that measures for addressing the rising trend of cyber-attacks go beyond just providing technical solutions and make provision for educating employees about how to address the human elements of security. Inculcating security awareness amongst hospitality employees will provide a foundation upon which a culture of security can be created to promote the seamless and secured interaction of hotel users and technology.One way that the hospitality industry has tried to solve the awareness issue is through their current paper-based training. This is unengaging, expensive and presents limited ways to deploy, monitor and evaluate the impact and effectiveness of the content. This leads to cycles of constant training, making it very hard to initiate awareness, particularly within those on minimum waged, short-term job roles.This paper presents a structured approach for eliciting industry requirement for developing and implementing an immersive Cyber Security Awareness learning platform. It used a series of over 40 interviews and threat analysis of the hospitality industry to identify the requirements for designing and implementing cyber security program which encourage engagement through a cycle of reward and recognition. In particular, the need for the use of gamification elements to provide an engaging but gentle way of educating those with little or no desire to learn was identified and implemented. Also presented is a method for guiding and monitoring the impact of their employee’s progress through the learning management system whilst monitoring the levels of engagement and positive impact the training is having on the business.

查看原文本刊更多论文

为酒店行业的企业提供一个有效的沉浸式网络安全意识学习平台

近年来，酒店业的快速数字化带来了许多新的攻击点。这些系统的仓促实施造成了这样一个现实:企业正在使用技术解决方案，但员工对它们可能带来的威胁和影响知之甚少。这种意识上的差距进一步加剧了预先建立的、往往是僵化的文化的存在，这些文化驱动着酒店企业的运作方式。潜在的攻击者意识到了这一点，过去两年，该行业的网络攻击大幅增加。应对日益增加的威胁的尝试采取了技术解决方案的形式，如加密、访问控制、闭路电视等。然而，绝大多数安全漏洞可以直接归因于人为错误。因此，应对不断上升的网络攻击趋势的措施，不仅要提供技术解决方案，还要为员工提供教育，让他们了解如何解决安全的人为因素。在酒店员工中灌输安全意识将为创建安全文化奠定基础，从而促进酒店用户和技术之间的无缝安全互动。酒店业试图解决意识问题的一种方法是通过他们目前的纸质培训。这是不吸引人的，昂贵的，并且提供了有限的方法来部署，监控和评估内容的影响和有效性。这导致了不断培训的循环，使得很难开始意识到这一点，特别是在那些最低工资的短期工作角色中。本文提出了一种结构化的方法，用于激发开发和实施沉浸式网络安全意识学习平台的行业需求。它使用了一系列超过40次的访谈和对酒店业的威胁分析，以确定设计和实施网络安全计划的要求，通过奖励和认可的循环来鼓励参与。特别是需要使用游戏化元素，以提供一种吸引人但温和的方式来教育那些很少或没有学习欲望的人。此外，还介绍了一种通过学习管理系统指导和监控员工进步影响的方法，同时监控参与程度和培训对业务的积极影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)

自引率

0.00%

发文量