anchor

ALARM

Awareness Lab SME Information Security

Small and medium-sized enterprises (SMEs) collect, process, and use large amounts of sensitive data with the help of digital IT solutions. The problem is that these companies tend to underestimate the risks and dangers posed by ever more ingenious attackers. A lack of concern for or ignorance of information security, the violation of company guidelines on information security, or the absence of any such guidelines are all risks confronting businesses of all shapes and sizes. The numerous attack points in an enterprise represent defects in the security system. These can have delayed consequences for SMEs. This is where the multidisciplinary research project Awareness Lab SME (ALARM) Information Security comes into play.

Technical University of Applied Sciences Wildau (TH Wildau)

TH Wildau, which was founded in 1991 in the state of Brandenburg, is a very active university of applied sciences with a strong focus on research: this has a positive influence on the quality of teaching it offers. It has proven itself to be a competent and reliable partner in a large number of externally funded projects nationwide. The university’s main focus is on practical applications, along with research and development (R & D) and knowledge and technology transfer.

Project

Awareness Lab SME (ALARM) Information Security aims, over the space of three years, to create a complete scenario that ranges from raising awareness in SMEs and supporting them in the area of information security to creating tools to enable them to support themselves. Each project year is split into three consecutive phases, each manifesting as an agile and participative process. The phases are geared to the development of innovative analogue and digital learning scenarios, “on-site attacks”, and scientific testing, including awareness measurements, quizzes, and tests.

This whole scenario is intended to perform the vital task of raising awareness among executives and employees and thus lead to targeted staff development in SMEs and VSBs, which at present is not standard in these companies. The idea is to make IT security tangible and comprehensible by connecting it with digital processes, which are increasingly prevalent in the workplace. Participants will also be emotionally engaged and actively involved in the development of measures. This should create a durable culture of information security across the organization.

anchor

Goals and Content

Working in cooperation with pilot SMEs and handicraft businesses, the project will systematically infer deficiencies and shortcomings within key business processes using defined activity protocols. Security and competence profiles will also be derived from the data. Measures will be developed in both analogue and digital form with a view to activating ongoing and far-reaching awareness of security concerns. These measures will be thoroughly tested and evaluated in a real-world setting. Best-practice guidelines accompanied by success stories from the participating companies will be promulgated at national level via associated transfer partners in a bid to appeal to other business concerns. Innovative measures to enhance in-house awareness in SMEs and VSBs are the prelude to a maturity assessment. The impact analyses are complemented by quality and outcome assurance combined with risk management and an accompanying evaluation. The networking of all participants will be promoted nationwide.

Methods

To implement the project’s goals, specific training concepts, awareness-raising concepts, and learning materials, adjusted to the needs of SMEs, will be developed, tested, and evaluated. Game-Based and Accelerated Learning underpin the experience-oriented learning scenarios, which focus on the area of information security. Previous studies and research work carried out by Prof. Scholl and the research partners known_sense have indicated that learning processes in the area of information security it is require learners’ emotions to be engaged, generating a sense of personal motivation. All the materials that are developed will be free for all companies to use at the end of the project as downloads or via online platforms. This will promote a heightened awareness of IT security and raise security levels all across Germany.

anchor

Learning Scenarios

Seven analogue and digital learning scenarios and on-site attack reviews will be developed over the course of the project. These will become accessible over time as downloads or online.

Der erste Tag

Problematic behavior in the fields of Social Engineering (in German)

Learning Scenarios

Seven analogue and digital learning scenarios and on-site attack reviews will be developed over the course of the project. These will become accessible over time as downloads or online.

Analog D

Description D

Analog E

Description E

Analog F

Description F

Analog G

Description G

Digital D

Description D

Digital E

Description E

Digital F

Description F

Digital G

Description G

On-Site-Attack D

Description D

On-Site-Attack E

Description E

On-Site-Attack F

Description F

On-Site-Attack G

Description G

Security concept D

Description D

Security concept E

Description E

Security concept F

Description F

Security concept G

Description G

Learning Scenarios H

Description H

anchor

Public relations

Various publications, articles, and press materials are being produced in the context of the project. These will be made available here on an ongoing basis.

Public relations

Various publications, articles, and press materials are being produced in the context of the project. These will be made available here on an ongoing basis.

Gegen Hacker-Angriffe gewappnet

MAZ press article (in German)

ALARM first results

Press article out of the TH university newspaper (in German)

Interview 29.11.2020

Between Margit Scholl and the RBB (in German)

ALARM Kick-Off

Press article out of the MAZ (in German)

ALARM Kick-Off

Press article out of the TH university newspaper (in German)

Press G

Description G

Activity A

Description A

Activity B

Description B

Activity C

Description C

Activity D

Description D

Activity E

Description E

Event A

Description A

Event B

Description B

Event B

Description B

Poster 1

The first poster developed for the project ALARM

Flyer 2

Second variation of the first ALARM Flyer

Flyer 1

First variation of the first ALARM Flyer

Mittelstand 4.0 Kompetenzzentrum IT-Wirtschaft

Mittelstand 4.0-Kompendium Cottbus HUB Wildau

Frauenhofer FOKUS

Networking D

Description D

Networking E

Description E

Networking F

Description F

Networking G

Description G

Networking H

Description H

Global Cybersecurity Index (GCI) and the Role of its 5 Pillars

Link to the Text

(How) Can Directive (EU) 2019/1937 on whistleblowers be used to build up a securityand safety culture in Institutions?

Link to the journal
Direct link to the Text

anchor

Team

ALARM information security’s team is interdisciplinary in nature and has gained valuable experience in related projects.

Prof. Margit Scholl

Project management

Regina Schuktomow

Operational project management

Stefanie Gube

R&D - Prepational awareness and SME-Readiness

Team

ALARM information security’s team is interdisciplinary in nature and has gained valuable experience in related projects.

Peter Koppatz

R&D - On-site-Attacks and programming

Hubertus von Tippelskirch

R&D - Research, didactics und evaluation

Julian Bechthold

R&D - digital learning scenarios, programming, and design

Christin Walch

R&D - Publications and project management

Josephine Gerlach

R&D - Assistant

Peter-Ernst Ehrlich

Lab engineer

anchor

Partner

Gamebook Studio

Ulrike Küchler
+49 345 213 890 03

www.gamebook.io

At Gamebook storytelling is our business-and our passion. Our vision is to create and deliver the best storytelling games available. Our mission is to provide the necessary knowledge and the network along with a tool set that is easy to use and comprehensive at the same time.

We achieve these goals by thinking out of the box and combining our web-based software with agile networks where we bring IT developers, producers, game designers, artists, and authors together in a way nobody ever imagined-all in one place. Since our foundation in 2010, this idea has driven us and our team has been continuously growing ever since.

Today, we offer Games and Training-as-a-Service solutions for all kinds of projects: from IP based interactive Visual Novels to custom learning experiences that facilitate the power of good stories.

Known_sense is committed to providing a look behind the scenes using the requisite knowledge of people as “black boxes”: the result is lively communication on the subject of security and effective awareness-raising. The company has been working in this way since 2002. Globally, we were the very first agency to be completely focused on awareness-raising, and we are still the only firm that serves the entire value chain from impact studies on security to conceptual design, consulting, product development, design, media production, training, gamification, evaluation, and much more. In the two decades since the company was founded, our consultants, creatives, psychologists, and trainers have implemented measures for more than a hundred small and large companies in almost fifty countries and in twenty-five different languages. These measures are derived from a knowledge of the paradoxical urges that drive people in the context of security and—to quote numerous clients and customers—get them to do “peculiar” things: things that need to be examined carefully and require special responses.

Our task within the project ALARM is to conduct qualitative impact studies based on depth psychology—we are responsible, in other words, for a baseline study of information security and awareness within SMEs, for testing the concepts and products, and for developing, visualizing, and manufacturing seven game-based, analogue learning scenarios.

known_Sense

Dietmar Pokoyski
02203 1831618

www.known-sense.de

Thinking Objects

Martina Vogt
+49 152- 05706824

www.to.com

IT. High-performance. Safe. Customer-oriented. The owner-operated company Thinking Objects—TO, for short—is a competent IT service provider with a focus on IT security. For more than twenty-five years TO has been delivering solutions tailored to the market that offer support, relieve stress, promote optimization, and provide security for the IT departments in SMEs and corporations.

TO brings to the ALARM project its expertise in conceptualizing and executing “on-site attacks”. The assessments of these attacks lead to recommendations for action for low-threshold safety concepts, on the basis of which each company can enhance its ability to make independent decisions with a bearing on IT security.

Located in Potsdam since 2004, Sudile is a company that focuses on developing and adjusting learning platforms, providing consultations on the implementation of e-Learning and Blended Learning, trainings on topics related to e-Learning, and the didactic conceptualization of learning services.

In the ALARM project, mathematical chemist Dr Rainer Brüggemann uncovers the connections (“matches”) between and within two groups: a) anonymous subjects and b) cyberattacks. The “matching” research approach contributes to awareness measurements, promotes a better understanding of the relationship between cyberattacks and the companies affected by them, and helps define learning success.

Sudile

Dr. Rainer Brüggemann

www.sudile.com

anchor

Contact

Technical University of Applied Sciences Wildau
Hochschulring 1
15745 Wildau

Prof. Margit Scholl
Project management
Department: Business, Computing, and Law

+49 3375 508 917
alarm@th-wildau.de
http://www.th-wildau.de/scholl
Haus 100, Raum 106





Regina Schuktomow
Operational project management


+49 3375 508 239
Haus 100, Raum 304