What tips can you offer leaders who are looking to incorporate gamification into security awareness training? Is there a simple way to do this internally or is it typically best to seek out a third party service provider?

Associate Vice President, Information Technology & CISO in Education, 2 months ago
From my perspective, I think seeking a third party service provider is the best route. I have a tendency to outsource a lot in my business, so that might be influencing my opinion. However, if you have in-house expertise in gamification, then it would make sense to utilize that. Unfortunately, we don't have that expertise in-house, and there are plenty of companies out there that specialize in this area.

I've seen some programs that have successfully incorporated gamification, but the challenge lies in maintaining the momentum. Once a scenario is completed, what comes next? How do you progress to the next level? How do you continue to earn points? Just like any game or system, you need to keep feeding into the gamification machine. You need to reach the next level, earn that badge, and gain recognition. That's why, if you lack the necessary skill set, I would recommend going with a third party.

I believe this approach is particularly effective for technical teams. For instance, gamifying the 'red team, blue team' dynamic in a simulated environment can be a great strategy. Having your network or dev team engage with these solutions can help them identify bad code or network attacks, thereby preparing them for real-life situations.

CISO in Banking, 2 months ago
We don't currently have a gamification program in place, but I think the facility exists within one of our third party providers.

We're going to explore this further. We do already award employees with points, which they can redeem for material rewards. I think this could be easily incorporated into our organization. We might even trial it in October, which is Cyber Security Month. During that month, we send out weekly messages to all employees.

Director of Supply Chain, 2 months ago
There are simple ways to use gamification when embarking upon organization-wide security awareness training.

Some healthy and harmless inter-organizational team-based competition is a good way to ramp up engagement that supports a communication strategy aimed at bringing focus to the issue.

A quiz-based game that tests team member knowledge is also a very light-touch way to roll out such a competition.

Applying a localised and/or industry culturally relevant theme to the branding can add some much needed flavour to a topic that some might consider quite bland. Think Moto GP, Wimbledon Championships, Tour de France with some clever word play.

VP of Information Security, a month ago
We have not yet incorporated gamification into our security awareness training. Instead, we have organized cybersecurity events featuring knowledge-sharing sessions and various security game booths. However, we have found that conducting phishing exercises yields significant results. The Risk Management Department conducts phishing tests for all staff and targeted groups several times a year. Employees who fail these exercises are required to complete an online cybersecurity awareness course. We also report the results, along with our KPIs, to the Risk Committee.
