Training ID Document
 
 

Training Title:

Agent Surefire - Infosec

Training Description:

Agent Surefire – Infosec is an immersive Information Security training simulation in Serious Games format raising employee awareness and “buy-in” on information security best practices. It is designed to effortlessly bridge daily experience with the methods of securing sensitive information. The engaging game-based content delivery allows learning by trial and error, situational awareness, immersed decision making, by way of identifying violations in a realistic office simulation. Ultimately, a boring, even punitive training becomes fun, creating unmatched employee participation and Infosec awareness.

Training Objectives:

Increasing awareness on the following:

  • The importance of corporate information and the overlooked reality of insider threats
  • How seemingly innocent or irrelevant actions and items may cause unauthorized access to corporate information
  • Types of media and materials that may cause information security vulnerabilities and methods of securing them in the office environment
  • Forms of security threats both from inside and outside the company and how to avoid them
  • Importance of employees as individuals fully responsible for the security of the company
  • Obtaining the following:
  • Protected corporate information assets, safeguarding the company’s competitive advantage and reliability
  • Greater confidence in the company by clients, partners and employees
  • Prevention of considerable financial losses and legal hassles
  • Reinforced employee loyalty by way of demonstrating company’s commitment to protecting staff and client assets by investing on cutting-edge training technologies

Target Audience:

All employees who handle sensitive information such as research & development, critical and strategic projects, marketing materials and accounting data, competitive services and confidential methodology, customer and business partner information, confidential employee information, etc...

Training Duration:

Completing the required training and identifying a minimum number of violations for a passing score takes 20-40 minutes.
The trainees have the option to spend extra time on the game and attempt to find the remaining violations to increase their score against competing colleagues or to uncover the bonus play, catching the “mole” presented in the story line. This entertaining element increases interest in the subject matter, generating continued participation and increased retention thru repetition.
Administrators can place optional restrictions on game time during office hours. (See Technical Document)

Subjects Covered (Outline):

The training/simulation contains more than 90 cases of information security violations that are categorized under 9 or 13 main categories (according to the needs of the institution) distributed around the virtual office:

  • Contradictory behavior to “Clean Desk Policy”.
  • Documents or media with sensitive information left unconcealed and unsecured.
  • Improper disposal of sensitive documents.
  • Leaving the computer terminals or password-protected software running and unlocked.
  • Unconcealed PIN numbers and passwords.
  • Portable hardware and devices left unattended, which if stolen would result in material, financial and strategic losses.
  • Information left or forgotten on pin-up boards, meeting tables, printers and etc.
  • Using predictable PIN numbers to access Voicemail.
  • Closets and drawers left unlocked and/or their keys unsecured.
  • Sensitive documents filed together with non-sensitive documents.
  • Possession and/or use of software and/or storage media that management deems illegal and unsafe.

Number of Training Screens:

275 interactive views, plus a total of 550 interactive objects; 54 files/documents with 350 pages.

Office Environment:


The players can:

  • Walk around the office and interact with objects on and around 15 desks,
  • Examine the contents of shelves, drawers, cabinets and closets,
  • Search for unprotected keys and gain access to the locked drawers and cabinets,
  • Analyze documents in order to sort out the information that should’ve been protected,
  • Search inside trash bins, recycling bins, printers, scanners and even flower pots,
  • Interact with the computer screens, peripherals and drives,
  • Use the phones to access voicemail and make in-game calls,
  • Gather evidence clues to hunt down the “mole” leaking information.

Screenshots:

 

Versions:

Version 1: Information Security Violations displayed in 9 Categories
Version 2: Information Security Violations displayed in 13 Categories

Version 1

Version 2

1. Closets and drawers left unlocked and/or their keys unsecured even if empty 1. Closets and drawers left unlocked and/or their keys unsecured even if empty.
2. Documents and media containing company activity information left unconcealed and unsecured 2. Documents and media containing company activity information left unconcealed and unsecured
3. Documents or media with employee, client or partner information left unconcealed and unsecured

3. Documents or media with client and customer information left unconcealed and unsecured.
4. Documents or media with employees’ personal information left unconcealed and unsecured.
4. Improper disposal of documents containing sensitive information 5.Improper disposal of documents containing information about the company's commercial activities.
6. Improper disposal of documents containing confidential client and customer information.
7. Improper disposal of confidential documents with employees’ personal information.
5. Leaving the computer terminals or password-protected software running and unlocked 8. Leaving the computer terminals unlocked and still connected to the network.
9. Leaving password-protected software containing corporate data unlocked.
6. Unconcealed PIN numbers and passwords 10. Unconcealed PIN numbers and passwords.
7. Using predictable PIN numbers to access Voicemail 11. Using predictable PIN numbers to access Voicemail.
8. Portable hardware left unattended, which if stolen would result in material, financial and strategic losses 12. Portable hardware left unattended, which if stolen would result in material, financial and strategic losses.
9. Possession and/or use of software and/or storage media that management deems illegal and unsafe 13. Possession and/or use of software and/or storage media that management deems illegal and unsafe.

Industry Recognition

Apex Awards - Electronic and Video Publications - Grand Award Communicator Awards Corporate Training Award of Distinction Immersion Awards - Best Industry Game American Business Awards - Training - Finalist Hermes Awards - Web Based Training - Platinum Award
Apex Awards
Electronic and Video Publications
Grand Award		 Communicator Awards
"Corporate Training"
Award of Distinction		 Immersion Awards
"Best Industry Game"
Winner		 American Business Awards
"Best Interactive Training"
Finalist		 Hermes Awards
"Web Based Training"
Platinum Award

Digital Media Awards - Best In e-learning - Gold

 Summit EMA - Online Gaming - Innovator Award Summit EMA - Flash Design - Leader Award Serious Games Showcase and Challenge - Business Game - Finalist  
Digital Media Awards
"Best In e-learning"
Gold Finalist Award		 Summit EMA
"Online Gaming"
Innovator Award		 Summit EMA
"Flash Design"
Leader Award		 Serious Games Showcase and Challenge
"Business Game"
Finalist