anchor

ALARM

Awareness Lab SME Information Security

Small and medium-sized enterprises (SMEs) collect, process, and use large amounts of sensitive data with the help of digital IT solutions. The problem is that these companies tend to underestimate the risks and dangers posed by ever more ingenious attackers. A lack of concern for or ignorance of information security, the violation of company guidelines on information security, or the absence of any such guidelines are all risks confronting businesses of all shapes and sizes. The numerous attack points in an enterprise represent defects in the security system. These can have delayed consequences for SMEs. This is where the multidisciplinary research project Awareness Lab SME (ALARM) Information Security comes into play.

Technical University of Applied Sciences Wildau (TH Wildau)

TH Wildau, which was founded in 1991 in the state of Brandenburg, is a very active university of applied sciences with a strong focus on research: this has a positive influence on the quality of teaching it offers. It has proven itself to be a competent and reliable partner in a large number of externally funded projects nationwide. The university’s main focus is on practical applications, along with research and development (R & D) and knowledge and technology transfer.

Project

Awareness Lab SME (ALARM) Information Security aims, over the space of three years, to create a complete scenario that ranges from raising awareness in SMEs and supporting them in the area of information security to creating tools to enable them to support themselves. Each project year is split into three consecutive phases, each manifesting as an agile and participative process. The phases are geared to the development of innovative analogue and digital learning scenarios, “on-site attacks”, and scientific testing, including awareness measurements, quizzes, and tests. This whole scenario is intended to perform the vital task of raising awareness among executives and employees and thus lead to targeted staff development in SMEs and VSBs, which at present is not standard in these companies. The idea is to make IT security tangible and comprehensible by connecting it with digital processes, which are increasingly prevalent in the workplace. Participants will also be emotionally engaged and actively involved in the development of measures. This should create a durable culture of information security across the organization.

anchor

Goals and Content

Working in cooperation with pilot SMEs and handicraft businesses, the project will systematically infer deficiencies and shortcomings within key business processes using defined activity protocols. Security and competence profiles will also be derived from the data. Measures will be developed in both analogue and digital form with a view to activating ongoing and far-reaching awareness of security concerns. These measures will be thoroughly tested and evaluated in a real-world setting. Best-practice guidelines accompanied by success stories from the participating companies will be promulgated at national level via associated transfer partners in a bid to appeal to other business concerns. Innovative measures to enhance in-house awareness in SMEs and VSBs are the prelude to a maturity assessment. The impact analyses are complemented by quality and outcome assurance combined with risk management and an accompanying evaluation. The networking of all participants will be promoted nationwide.

Methods

To implement the project’s goals, specific training concepts, awareness-raising concepts, and learning materials, adjusted to the needs of SMEs, will be developed, tested, and evaluated. Game-Based and Accelerated Learning underpin the experience-oriented learning scenarios, which focus on the area of information security. Previous studies and research work carried out by Prof. Scholl and the research partners known_sense have indicated that learning processes in the area of information security it is require learners’ emotions to be engaged, generating a sense of personal motivation. All the materials that are developed will be free for all companies to use at the end of the project as downloads or via online platforms. This will promote a heightened awareness of IT security and raise security levels all across Germany.

anchor

Es werden insgesamt sieben digitale und analoge Serious Games zur Verfügung gestellt. Die digitalen Versionen können direkt genutzt werden. Für die Durchführung ananloger Awareness- und Schulungsmaßnahmen in Ihren Unternehmen, stehen Anleitungen für die Moderation und alle benötigten Materialien zur Verfügung.

Seven digital
serious games

Only in German and limited for internal usage

Seven analog
serious games

Only in German and limited for internal usage

VOA

Anleitung 1

Storykonzept analoger Serious Games

Download PDF

Homeoffice

Sicher zuhause
wohnen & arbeiten

Passwortschutz & Multi-
Faktor-Authentifizierung

CEO Fraud

Die 5 Phasen des CEO-Frauds

Mobile Apps

Mobile Kommunikation,
Apps & Co.

Social Engineering

Cyber Pairs

Daten- & Informationsschutz

Die wichtigsten Schutzstrategien

Infoklassen-Roulette

Informationen sicher klassifizieren

Infoklassen-Roulette

App (online)

Storykonzept digitale Serious Games

Download PDF

Der erste Tag

Social Engineering
& Passwortschutz

Der Hackerangriff

Social-Engineering-Methoden
& -Werkzeuge

Die Spurensuche

CEO-Fraud-Methoden
& -Schutzmaßnahmen

KI im Homeoffice

Schutzmaßnahmen im
Homeoffice & Smarthome

Alles nur geCLOUD

Passwort-Hacking-Methoden
& Passwortschutz

Eine Klassifizierung für sich

Info-Klassen
& Verwendungszweck

Der Ransomware-Angriff

Verschlüsselung & Messenger-Dienste

Selbsttest

App (online)

Passworthacking

Karl Schattenberg

anchor

Public relations

Various publications, articles, and press materials are being produced in the context of the project. These will be made available here on an ongoing basis.

Public relations

Various publications, articles, and press materials are being produced in the context of the project. These will be made available here on an ongoing basis.

SCI 60 (Youtube)

Transcript

Information Security Awareness Training

Transcript

Résumé of the Gamified Increase in Security Awareness

Transcript

Home Office

Transcript

Security Sensitization and Awareness

Transcript

Raising Employee's Awareness of CEO Fraud Attacks

Unkonventionelle Schulungen

Link zu Website

Interview -- Schutz vor Cyber-Attacken

ab Minute 1:10 (1GB)

Gegen Hacker-Angriffe gewappnet

Pressemitteilung der MAZ

ALARM erste Ergebnisvorstellung

Pressemitteilung der TH Wildau

Interview 29.11.2020

Zwischen Margit Scholl und dem RBB

ALARM Kick-Off

Pressemitteilung der MAZ

ALARM Kick-Off

Pressemitteilung der TH Wildau

31.03.2024

Bild-Impressionen

2020-2024

Download (zip) 1,35 MB

22.03.2024

Cyber-Angreifende hacken Mitarbeitende und Führungskräfte - was sollten KMU tun?
(IHK Stuttgart)

19.02.2024

6. Digitalsalon für Mitte und Pankow

31.01.2024

Spielend IT-Sicherheit beachten in Caputh
(Handwerkskammer Potsdam)

07.12.2023

HWK-interne Sensibilisierung,
Handwerkskammer Potsdam

27.11.2023

Azubi-Ausbildung zu ALARM-Methoden
im ZIT BB Potsdam

11.10.2023

DAB Digitalforum 2023
Berlin

29.06.2023

33. Cyber-Sicherheits-Tag

23.06.2023

Awareness Forum 2023

(Abschlussveranstaltung)

Einladung & Programm

11.05-12.05.2023

Take Aware / Sexy Security 2023
Strangers in the Night

Regina Schuktumow
zur Take Aware

Hubertus v. Tippelskirch:
Serious Games für starke Interaktion in KMU

12.01.2023

Moderarorenausbildung
an derTechnischen Hochschule Wildau
(in Präsenz)

Einladung

29.09.2022

Kongresszentrum Dresden
32. Cyber-Sicherheits-Tag
Allianz für Cyber-Sicherheit, BSI

21.09.2022

Aktionstage IT-Sicherheit

"Angriff aufs System. Was nun? – Herausforderungen, Chancen und Aussichten für IT-Sicherheit in KMU"

Eröffnung 21.09.2022

Aktionstage 22.-23.09.2022

08.09.2022

HTW Berlin

11. IT-Sicherheitstag
Mittelstand

Website

08.04.2022

Awareness Forum 2022

Pressemitteilung

Wissenschaftswoche

Plakat (PDF)

Flyer im Forschungsprojekt

Broschüre mit wichtigen Erkenntnissen aus Stdudie 1

Aktueller Projekt-Flyer

Projekt-Plakat

Current flyer

Awareness Lab SME Information Security

1. Plakat für die Wildauer Wissenschaftswoche

2. Plakat für die Wildauer Wissenschaftswoche

1. Plakat für den Fachtag Informatik an der TH Wildau

2. Plakat für den Fachtag Informatik an der TH Wildau

Poster zu analogen & digitalen Serious Games

Forum 2023
Impressionen

Mittelstand 4.0
Kompetenzzentrum
IT-Wirtschaft

Mittelstand 4.0
Kompendium
Cottbus HUB Wildau

Frauenhofer FOKUS

Netzwerk für IT-Sicherheit in der Hauptstadtregion Berlin-Brandenburg

Cybersicherheit für den Mittelstand

Schlussbericht

(Download PDF 9 MB)

Résumé of the Gamified Increase in Security Awareness in KMU
(2024)

DOI:10.13140/RG.2.2.13519.29600

Projektdokumentation als Buch
(2024)

Building Competence ...
(2024)

Download Chapter

Play the Analog Game ...
(2023)

Download Chapter

Cyberattacks:
An Attempt to Obtain
a Multidimensional
Awareness Indicator

2023

DOI:
10.13140/RG.2.2.29494.88642

Raising Awareness of CEO Fraud in Germany: Emotionally Engaging Narratives Are a MUST for Long-Term Efficacy

Link zum Text

Sustainable Information Security Sensitization in SMEs:
Designing Measures
with Long-Term Effect

Download Präsentation
with Comments (5 MB)

DOI: 10.13140/RG.2.2.34339.53286

Sustainable Information Security Sensitization in SMEs:
Designing Measures
with Long-Term Effect

Download Paper (2 MB)

Website

Informationssicherheitskultur verstehen, mit Serious Games sensibilisieren und das Informationssicherheits- bewusstsein der Mitarbeitenden erhöhen

Link zum PDF (12 MB))

Website zum Tagungsband

Report 3
(2023)

Download Studie 3 (6 MB)

Game over vs. Game lover

Download Chapter 5

Game over vs. Game lover
(2023)

Download Studie 3 (6 MB)

Target Groups in German SMEs for Information Security Training:
The Use and Limits of Job Profiles in Designing Training Units

(auf Englisch)

2022

Link zum Artikel

Identification of Target Groups in German SMEs Based on Job Profiles

Download Proceedings (1 MB)

Link: Website

Using Emotional Design
to Raise Awareness
of Information Security

Link zum Artikel

Raising Information Security Awareness Using Digital Serious Games with Emotional Design

Link zum Artikel

Serious Games als Lernmethode zur Steigerung der Informationssicherheit

Link zum Artikel

Website zur Konferenz

Enabling vs. Entmündigung
(2023)

Download Studie 2 (8 MB)

Vorwort zum: "Report zur
Informationssicherheit
in KMU –
Sicherheitsrelevante Tätigkeitsprofile"

(auf Englisch)

2021

Link: Website

Qualitative Wirkungsanalyse
Security Awareness in KMU

Download (7 MB)
Download Kurzversion

Vorwort zur: "Qualitative Wirkungsanalyse Security Awareness in KMU Tiefenpsychologische Grundlagenstudie"

(auf Englisch)

2021

Link: Website

Sicherheitsrelevante Tätigkeitsprofile in KMU (2021)

Download Studie 1 (8 MB)

The Current State of Information Security Awareness in German SMEs

Link zur Website

Direktlink zum Text

Global Cybersecurity Index (GCI) and the Role of its 5 Pillars (Englisch)

Link zum Text

(How) Can Directive (EU) 2019/1937 on whistle-
blowers be used to build
up a security and safety culture in Institutions

(Englisch)

Link zum Journal

Direktlink zum Text

anchor

Partners

Gamebook Studio

Ulrike Küchler
+49 345 213 890 03

www.gamebook.io

At Gamebook storytelling is our business-and our passion. Our vision is to create and deliver the best storytelling games available. Our mission is to provide the necessary knowledge and the network along with a tool set that is easy to use and comprehensive at the same time.

We achieve these goals by thinking out of the box and combining our web-based software with agile networks where we bring IT developers, producers, game designers, artists, and authors together in a way nobody ever imagined-all in one place. Since our foundation in 2010, this idea has driven us and our team has been continuously growing ever since.

Today, we offer Games and Training-as-a-Service solutions for all kinds of projects: from IP based interactive Visual Novels to custom learning experiences that facilitate the power of good stories.

Known_sense is committed to providing a look behind the scenes using the requisite knowledge of people as “black boxes”: the result is lively communication on the subject of security and effective awareness-raising. The company has been working in this way since 2002. Globally, we were the very first agency to be completely focused on awareness-raising, and we are still the only firm that serves the entire value chain from impact studies on security to conceptual design, consulting, product development, design, media production, training, gamification, evaluation, and much more. In the two decades since the company was founded, our consultants, creatives, psychologists, and trainers have implemented measures for more than a hundred small and large companies in almost fifty countries and in twenty-five different languages. These measures are derived from a knowledge of the paradoxical urges that drive people in the context of security and—to quote numerous clients and customers—get them to do “peculiar” things: things that need to be examined carefully and require special responses.

Our task within the project ALARM is to conduct qualitative impact studies based on depth psychology—we are responsible, in other words, for a baseline study of information security and awareness within SMEs, for testing the concepts and products, and for developing, visualizing, and manufacturing seven game-based, analogue learning scenarios.

known_Sense

Dietmar Pokoyski
02203 1831618

www.known-sense.de

Thinking Objects

Martina Vogt
+49 152- 05706824

www.to.com

IT. High-performance. Safe. Customer-oriented. The owner-operated company Thinking Objects—TO, for short—is a competent IT service provider with a focus on IT security. For more than twenty-five years TO has been delivering solutions tailored to the market that offer support, relieve stress, promote optimization, and provide security for the IT departments in SMEs and corporations.

TO brings to the ALARM project its expertise in conceptualizing and executing “on-site attacks”. The assessments of these attacks lead to recommendations for action for low-threshold safety concepts, on the basis of which each company can enhance its ability to make independent decisions with a bearing on IT security.

Located in Potsdam since 2004, Sudile is a company that focuses on developing and adjusting learning platforms, providing consultations on the implementation of e-Learning and Blended Learning, trainings on topics related to e-Learning, and the didactic conceptualization of learning services.

In the ALARM project, mathematical chemist Dr Rainer Brüggemann uncovers the connections (“matches”) between and within two groups: a) anonymous subjects and b) cyberattacks. The “matching” research approach contributes to awareness measurements, promotes a better understanding of the relationship between cyberattacks and the companies affected by them, and helps define learning success.