Agent Surefire - Infosec Fact Sheet
 
 

Introduction

Agent Surefire – Infosec is an immersive Information Security training simulation in Serious Games format. It’s an off-the-shelf e-learning course designed to raise employee awareness and “buy-in” on information security best practices. It is designed to effortlessly bridge daily experience with the methods of securing sensitive information. The engaging game-based content delivery allows learning by trial and error, situational awareness, immersed decision making, by way of identifying violations in a realistic office simulation. Ultimately, a boring, even punitive training becomes fun, creating unmatched employee participation and Infosec awareness.
Statistics show:

  • Over 80% of Infosec breaches are from insider sources without using computers or high-tech devices
  • 88% of those breaches were caused by Human Error and were unintentional
  • 99% of the organizations breached had strong Cyber Security practices in place.

The goal

The goal of the game is to create employee awareness in recognizing their essential role in safeguarding sensitive information inside their office environment.
By increased awareness
While cyber security is handled by highly effective and ever-present technology, protecting the valuable information assets inside the office environment mostly relies on employee actions and decisions. Since an employee’s primary objective is to carry out work duties, the office environment becomes highly susceptible to human errors in judgment. The majority of insider threats consist of unintentional security violations (for example, improper disposal of important documentation). Taking an inspector’s position in a simulated environment increases awareness while “connecting the dots”.
By heightened sense of responsibility
A significant percentage of employees suffer from what is known as “ethical flexibility” where they feel it is their right to steal information if they believe the organization has not treated them fairly. Surveys show that in most cases other employees were aware of the intention of theft and it was they who reported it. Therefore, workers’ role goes beyond avoiding their own mistakes to taking a proactive stance against Infosec threats.

The Method

The most natural way to learn is what is commonly known as “hands-on”, which may be described as “Situation -> Evaluation -> Decision -> Action”. The resulting consequence (feedback) induces a feeling depending on success or failure. The human brain is wired to recall the conditions where this feeling is experienced.
In a realistic immersive simulation, the learning context becomes very similar to the performance context. In other words, the situational experience in the simulation is almost identical to that of the real office. Just like in reality, an office may have dozens of security vulnerabilities. The trainee is empowered to think the way an auditor/inspector does and look for Infosec violations.
While the multi-sensory, immersive, challenging and multi-repetition structure makes retention near-perfect, the game setting challenges the trainee to locate and correctly identify vulnerabilities against a game score. This removes the resistance to an otherwise-boring training and makes learning effortless.

Outstanding Features & Quick Facts

  • Browser-based training. No local installation needed. SCORM 1.2 & SCORM 2004 compliant LMS courseware.
  • Off-the-shelf, ready for immediate deployment.
  • User-based licensing and pricing. Fraction of what it would take to develop a custom game.
  • Agent Surefire Platform. Customizable game engine with over 80 features with hundreds of sub-functions. 23,000+ labor hours invested to date.
  • Easily customizable content. 700+ modular elements that make up the game
    Easy customization features of the Agent Surefire Platform provide low-cost, relevant and just-in-time creation and modification of training content.
  • Easy integration of existing e-learning courseware on security awareness into the gameplay.
  • First of its kind, game-based immersive training focusing on reducing losses caused by the human factor.
  • Realistic simulation, true-to-life. Virtual office space with hundreds of interactions.
  • Non-linear content delivery. Countless permutations allowing a unique experience each time. True-to-life free exploration. Individual learning experience.
  • Game-based content delivery. Generates attention, interest, permits increased repetition.
  • Integrated game objective. The story line challenges the trainee to find enough clues to incriminate a “mole” (insider threat) leaking out intellectual assets.
  • Easy to navigate. Four-directional controls, does not require previous game experience.
  • 97 violations available to discover while it takes only 9 to pass. Lots of chances to learn by mistakes. (Default content – customizable)
  • 70 minutes average course completion time.
  • Administrator control over game time. Automated time limiter over how long the game can be played within office hours. Allows unlimited play outside office hours, reducing personnel costs.
  • Detailed trainee performance reporting. Quickly identify security violation areas requiring attention. Utilize the user statistics to identify patterns.
  • Optional Leader Boards for company-wide competitions.
  • Over 50% of users in a 1,300-user study group of medical professionals took the training home to continue playing in their own time!

Agent Surefire – Infosec Info

Game environment:

  • 275 interactive views
  • 550 interactive objects
  • 54 files/documents with 350 pages.
  • 97 violations waiting to be uncovered
  • 9 violation categories

Training completion and success criteria:

Success Rate is the percentage of violation categories correctly identified.
Minimum Success Criteria is 70% of violation categories correctly identified. (This percentage is customizable)
Game Score is points collected by way of actions inside the virtual office space. It is independent of Success Rate.
Training completion is discovering/experiencing at least one violation from each violation category. Minimum Success Criteria must still be met.
Training conclusion is optional. Trainee may continue playing the game even after attaining 100% Success Rate. This provides continued learning and discovery, increased learner engagement and much-needed repetition for retention.

Actual User Statistics Based on the Above Criteria

(1,323-user pilot study among medical professionals. Data collected between January and August 2010)

  • 75.5% opted in, becoming active participants
  • 85.7% of active participants completed the training, of which 100% passed. (Average Success Rate is 98%)
  • 98% of active participants surpassed the Minimum Success Criteria. (Including those who are still continuing their training)
  • 59.6% of participants discovered more than 50 of the 97 violations available.
  • 50.5% continued their training in their personal time after business hours.
  • 12.8% took the training past midnight.

Feedback from Training Administrators

 “The impossible has been achieved! Infosec training is now immersive!”

 “Mavi Interactive did a great job of presenting this training program as a game, very educational and informative; I have already found myself looking for information security violations around me.”

“I think the contents worked very well with the choice of technology (Flash), and it is a great example of what corporate training can look like.”

“Presents enough of a challenge that one wants to play it all the way through.  Few repetitions of problem areas though one is motivated to conduct more thorough searches at each work station as a result of the range of problems encountered - effective at increasing attention to detail in the game setting.”

 “After 10 minutes of playing the game, I really feel like Agent Surefire running in an office trying "my" best to uncover security mistakes left by the company's employee. Moreover, I am also learning what not to leave unattended on my own desktop, and office. The learning experience is great!”

“The quality of the product is very high and the whole game has been professionally executed”

Industry Recognition

Winner 2010 APEX Awards
          Grand Award - Electronic & Video Publications
Winner 2010 Communicator Awards
          Award of Distinction in Interactive Multimedia - Corporate Training
Finalist The American Business Awards (Stevie Awards)
          Training (Interactive Multimedia)
Winner 2010 Immersion Awards
          Best Industry Game
Winner 2010 Hermes Creative Awards
          Platinum - Web Based Training
Winner 2010 Digital Media Awards
          Gold - Best in e-Learning
Winner 2009 Summit Emerging Media Awards
          Innovator Award in Interactive Online Games
Winner 2009 Summit Emerging Media Awards
          Leader Award in Interactive Flash Design
Finalist 2009 Serious Games Showcase & Challenge
          Best Business Game