"Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game, CyberCIEGE, is described as a security awareness tool that can support organizational security training objectives while engaging typical users in an engaging security adventure. The game is now being successfully utilized for information assurance education and training by a variety of organizations. Preliminary results indicate the game can also be an effective addition to basic information awareness training programs for general computer users (e.g., annual awareness training.) Typical employees of both large and small organizations may be made acutely aware of a wide array of cyber security problems. These range from spam and phishing to well organized attacks intended to corrupt or disable systems. Despite these constant reminders, users often take an ostrich-like attitude toward the security of the information systems they use, believing that there is little that they can do to mitigate this onslaught of problems. Even within the major organizations, users select trivial passwords or think that, so long as they keep their machines within viewing distance, arbitrary hookups to unknown networks and to the Internet pose no threat. Thus, despite their increased awareness of security problems, users and administrators of systems continue to take few effective precautions."
Computers & Security, v.26, p. 63-72