Government digital agendas worldwide go hand in hand with the digital transformation in businesses and public administrations as well as the digital changes taking place in society. New technologies and applications such as Social Media are new types of information production and sharing tools which are used in digital environments. The very interesting developments must be understood and designed in a user-friendly way. The thus connected and simultaneously embracing hazards abuse and organized crime must be prevented. Security awareness is a necessary response to the challenges ahead.
Information security (IS) and awareness must be an integrated part of these agendas. The goal of information security is to protect information of all types and origins. Here, the employees play a necessary and significant role in the success of information security, and the entire staff of an institution need to know about their specific roles and be aware of the information security management system (ISMS).
Although information communication technology (ICT) shapes our lives, we tend to have an insufficient knowledge of the risks involved, of information security, and of the General Data Protection Regulation (GDPR); this is compounded by carelessness in handling data and insufficient information security awareness. As there are still fundamental strategic deficiencies in the institutions themselves, humans should not be called “the weakest link” in the security chain. Backed by a clear conceptual approach, information security awareness trainings (ISAT) are essential for everyone. However, classical trainings are not currently working.
Psychologically based research shows that a systemic approach might be helpful. This is where analogue game-based learning (GBL) comes into play. Psychological studies show the great importance of emotionalizing when communicating IS knowledge and the reliable exchange of experience about IS. However, in many institutions a change in culture is becoming necessary. IS must be integrated into all (business) processes and projects, and viable safeguards must be included. In the digital age every employee should be aware of and competent in information security.
Game-based learning receives increasing recognition as an effective teaching and learning method for promoting motivation and inducing behavioural changes because simulation games enable active and experience-oriented learning by trial and error, repetition, team work and communication. They offer immediate feedback regarding the learning progress and are oriented towards the learners, their level of knowledge and their needs (learnercentred approach). A new integration of analog serious games and different learning methods, called awareness training 3.0, is needed integrating knowledge transfer, emotionality and team-based applications. This methodical triad is needed for the sensitization for information security. While an analog game version increases the understanding of the information security concept after playing the game, digital game versions engaged the individuals through voluntary repetition and therefore substantially reinforce the information learned earlier.
The talk summarizes the most important scientific findings and transfers them to the practice of information security trainings. Moreover, it involves the gaming of 6 examples of analog learning scenarios and provides practical assistance for information security sensitization. An allover discussion is welcome.
Margit Scholl, PhD, is Professor for Business Informatics and Administrative IT in the Faculty of Business, Computing, and Law at the Technical University of Applied Sciences Wildau situated to the southeast of Berlin.
After studying physics and meteorology in Mainz and Berlin, Prof. Scholl worked as a researcher on a number of projects for the German Research Foundation, developing numerical models for pollutant dispersion and applications for digital image processing. She did her doctorate in meteorology at Berlin’s Freie Universität. She also lectured in environmental computing, with a special focus on geo-information systems. She was a section/unit head within the Berlin Senate administration, during which time she undertook further studies in business administration and computing at the FernUniversität in Hagen. In 1994, she was granted a professorship at the University of Applied Administrative Sciences Bernau (in the state of Brandenburg) and helped in the transfer and roll-out of the 1997 pilot programs at the Technical University of Applied Sciences (TUAS) Wildau. From 1998 to 2001, she was head of the IT-user service in the Brandenburg State Office for Data Processing and Statistics (now the ZIT-BB), and provided support on a short-term basis for the Federal University of Applied Administrative Sciences (BfA), an interministerial university in Berlin. In 2001, she returned to the TUAS as a professor of business and administrative computing.
Prof. Scholl has assembled a research team (Innovation in Teaching/Learning) for her planned pro-jects, a group that is to be completely supported by external funding. The team has been carefully chosen to bring together a broad range of interdisciplinary research and teaching experience of the kind that is nowadays required. In 2010, she founded the WILLE Institute (Wildau Institute for Innovative Teaching, Lifelong Learning and Constructive Evaluation), which is affiliated to the university under the umbrella of the Centre of Technology Transfer and Advanced Learning.
She won the university’s research prize in 2011, and in 2013 she did a research semester at the University of Washington’s iSchool in Seattle, USA. In 2014, she had her university professorship at the TUAS converted to a five-year research professorship. Her aim in this new position is to focus on developing and deploying a holistic understanding of technology in an area that will in future be more strongly characterized by diversity. This focus will be applied to the following research area: “Holistically Building and Managing Smart Technologies in the Twenty-First Century.”
Her research and teaching work centers around:
- Project management, including E-Government/Smart Governance and Internationalization
- Process management including acceptance, quality, risk and change management
- Multimedia forms of learning (including learning technologies) and interculturality
- IT security, including IT baseline protection as per the Federal Office for Information Security
- Continuing education and specialized training for SMEs and administrative bodies: e.g., the certified training course IT-SiBe (IT Security Officer), which is based on the BAköV (Federal Academy of Public Administration) training model.