Awareness Lab SME Information Security

Small and medium-sized enterprises (SMEs) collect, process, and use large amounts of sensitive data with the help of digital IT solutions. The problem is that these companies tend to underestimate the risks and dangers posed by ever more ingenious attackers. A lack of concern for or ignorance of information security, the violation of company guidelines on information security, or the absence of any such guidelines are all risks confronting businesses of all shapes and sizes. The numerous attack points in an enterprise represent defects in the security system. These can have delayed consequences for SMEs. This is where the multidisciplinary research project Awareness Lab SME (ALARM) Information Security comes into play.

Technical University of Applied Sciences Wildau (TH Wildau)

TH Wildau, which was founded in 1991 in the state of Brandenburg, is a very active university of applied sciences with a strong focus on research: this has a positive influence on the quality of teaching it offers. It has proven itself to be a competent and reliable partner in a large number of externally funded projects nationwide. The university’s main focus is on practical applications, along with research and development (R & D) and knowledge and technology transfer.


Awareness Lab SME (ALARM) Information Security aims, over the space of three years, to create a complete scenario that ranges from raising awareness in SMEs and supporting them in the area of information security to creating tools to enable them to support themselves. Each project year is split into three consecutive phases, each manifesting as an agile and participative process. The phases are geared to the development of innovative analogue and digital learning scenarios, “on-site attacks”, and scientific testing, including awareness measurements, quizzes, and tests. This whole scenario is intended to perform the vital task of raising awareness among executives and employees and thus lead to targeted staff development in SMEs and VSBs, which at present is not standard in these companies. The idea is to make IT security tangible and comprehensible by connecting it with digital processes, which are increasingly prevalent in the workplace. Participants will also be emotionally engaged and actively involved in the development of measures. This should create a durable culture of information security across the organization.


Goals and Content

Working in cooperation with pilot SMEs and handicraft businesses, the project will systematically infer deficiencies and shortcomings within key business processes using defined activity protocols. Security and competence profiles will also be derived from the data. Measures will be developed in both analogue and digital form with a view to activating ongoing and far-reaching awareness of security concerns. These measures will be thoroughly tested and evaluated in a real-world setting. Best-practice guidelines accompanied by success stories from the participating companies will be promulgated at national level via associated transfer partners in a bid to appeal to other business concerns. Innovative measures to enhance in-house awareness in SMEs and VSBs are the prelude to a maturity assessment. The impact analyses are complemented by quality and outcome assurance combined with risk management and an accompanying evaluation. The networking of all participants will be promoted nationwide.


To implement the project’s goals, specific training concepts, awareness-raising concepts, and learning materials, adjusted to the needs of SMEs, will be developed, tested, and evaluated. Game-Based and Accelerated Learning underpin the experience-oriented learning scenarios, which focus on the area of information security. Previous studies and research work carried out by Prof. Scholl and the research partners known_sense have indicated that learning processes in the area of information security it is require learners’ emotions to be engaged, generating a sense of personal motivation. All the materials that are developed will be free for all companies to use at the end of the project as downloads or via online platforms. This will promote a heightened awareness of IT security and raise security levels all across Germany.


Es werden insgesamt sieben digitale und analoge Serious Games zur Verfügung gestellt. Die digitalen Versionen können direkt genutzt werden. Für die Durchführung ananloger Awareness- und Schulungsmaßnahmen in Ihren Unternehmen, stehen Anleitungen für die Moderation und alle benötigten Materialien zur Verfügung.

Seven digital
serious games

Only in German and limited for internal usage

Seven analog
serious games

Only in German and limited for internal usage


Anleitung 1


Sicher zuhause
wohnen & arbeiten

Passwortschutz & Multi-

CEO Fraud

Die 5 Phasen des CEO-Frauds

Mobile Apps

Mobile Kommunikation,
Apps & Co.

Social Engineering

Cyber Pairs

Daten- & Informationsschutz

Die wichtigsten Schutzstrategien


Informationen sicher klassifizieren


App (online)

Der erste Tag

Social Engineering
& Passwortschutz

Der Hackerangriff

& -Werkzeuge

Die Spurensuche

& -Schutzmaßnahmen

KI im Homeoffice

Schutzmaßnahmen im
Homeoffice & Smarthome

Alles nur geCLOUD

& Passwortschutz

Eine Klassifizierung für sich

& Verwendungszweck

Der Ransomware-Angriff

Verschlüsselung & Messenger-Dienste


App (online)


Karl Schattenberg




Public relations

Various publications, articles, and press materials are being produced in the context of the project. These will be made available here on an ongoing basis.

Public relations

Various publications, articles, and press materials are being produced in the context of the project. These will be made available here on an ongoing basis.

Unkonventionelle Schulungen

Link zu Website

Interview -- Schutz vor Cyber-Attacken

ab Minute 1:10 (1GB)

Gegen Hacker-Angriffe gewappnet

Pressemitteilung der MAZ

ALARM erste Ergebnisvorstellung

Pressemitteilung der TH Wildau

Interview 29.11.2020

Zwischen Margit Scholl und dem RBB

ALARM Kick-Off

Pressemitteilung der MAZ

ALARM Kick-Off

Pressemitteilung der TH Wildau




Download (zip) 1,35 MB


Cyber-Angreifende hacken Mitarbeitende und Führungskräfte - was sollten KMU tun?
(IHK Stuttgart)


6. Digitalsalon für Mitte und Pankow


Spielend IT-Sicherheit beachten in Caputh
(Handwerkskammer Potsdam)


HWK-interne Sensibilisierung,
Handwerkskammer Potsdam


Azubi-Ausbildung zu ALARM-Methoden
im ZIT BB Potsdam


DAB Digitalforum 2023


33. Cyber-Sicherheits-Tag


Awareness Forum 2023


Einladung & Programm



an derTechnischen Hochschule Wildau
(in Präsenz)



Kongresszentrum Dresden
32. Cyber-Sicherheits-Tag
Allianz für Cyber-Sicherheit, BSI


Aktionstage IT-Sicherheit

"Angriff aufs System. Was nun? – Herausforderungen, Chancen und Aussichten für IT-Sicherheit in KMU"

Eröffnung 21.09.2022

Aktionstage 22.-23.09.2022


HTW Berlin

11. IT-Sicherheitstag



Awareness Forum 2022



Plakat (PDF)

Flyer im Forschungsprojekt

Broschüre mit wichtigen Erkenntnissen aus Stdudie 1

Aktueller Projekt-Flyer


Current flyer

Awareness Lab SME Information Security

1. Plakat für die Wildauer Wissenschaftswoche

2. Plakat für die Wildauer Wissenschaftswoche

1. Plakat für den Fachtag Informatik an der TH Wildau

2. Plakat für den Fachtag Informatik an der TH Wildau

Poster zu analogen & digitalen Serious Games

Forum 2023

Mittelstand 4.0

Mittelstand 4.0
Cottbus HUB Wildau

Frauenhofer FOKUS

Netzwerk für IT-Sicherheit in der Hauptstadtregion Berlin-Brandenburg

Cybersicherheit für den Mittelstand


(Download PDF 9 MB)

Résumé of the Gamified Increase in Security Awareness in KMU


Building Competence ...

Download Chapter

Play the Analog Game ...

Download Chapter

An Attempt to Obtain
a Multidimensional
Awareness Indicator



Raising Awareness of CEO Fraud in Germany: Emotionally Engaging Narratives Are a MUST for Long-Term Efficacy

Link zum Text

Sustainable Information Security Sensitization in SMEs:
Designing Measures
with Long-Term Effect

Download Präsentation
with Comments (5 MB)

DOI: 10.13140/RG.2.2.34339.53286

Sustainable Information Security Sensitization in SMEs:
Designing Measures
with Long-Term Effect

Download Paper (2 MB)


Informationssicherheitskultur verstehen, mit Serious Games sensibilisieren und das Informationssicherheits- bewusstsein der Mitarbeitenden erhöhen

Link zum PDF (12 MB))

Website zum Tagungsband

Game over vs. Game lover

Download Chapter 5

Game over vs. Game lover

Download Studie 3 (6 MB)

Target Groups in German SMEs for Information Security Training:
The Use and Limits of Job Profiles in Designing Training Units

(auf Englisch)


Link zum Artikel

Identification of Target Groups in German SMEs Based on Job Profiles

Download Proceedings (1 MB)

Link: Website

Using Emotional Design
to Raise Awareness
of Information Security

Link zum Artikel

Raising Information Security Awareness Using Digital Serious Games with Emotional Design

Link zum Artikel

Serious Games als Lernmethode zur Steigerung der Informationssicherheit

Link zum Artikel

Website zur Konferenz

Enabling vs. Entmündigung

Download Studie 2 (8 MB)

Vorwort zum: "Report zur
in KMU –
Sicherheitsrelevante Tätigkeitsprofile"

(auf Englisch)


Link: Website

Qualitative Wirkungsanalyse
Security Awareness in KMU

Download (7 MB)
Download Kurzversion

Vorwort zur: "Qualitative Wirkungsanalyse Security Awareness in KMU Tiefenpsychologische Grundlagenstudie"

(auf Englisch)


Link: Website

Sicherheitsrelevante Tätigkeitsprofile in KMU (2021)

Download Studie 1 (8 MB)

The Current State of Information Security Awareness in German SMEs

Link zur Website

Direktlink zum Text

Global Cybersecurity Index (GCI) and the Role of its 5 Pillars (Englisch)

Link zum Text

(How) Can Directive (EU) 2019/1937 on whistle-
blowers be used to build
up a security and safety culture in Institutions


Link zum Journal

Direktlink zum Text



Gamebook Studio

Ulrike Küchler
+49 345 213 890 03

At Gamebook storytelling is our business-and our passion. Our vision is to create and deliver the best storytelling games available. Our mission is to provide the necessary knowledge and the network along with a tool set that is easy to use and comprehensive at the same time.

We achieve these goals by thinking out of the box and combining our web-based software with agile networks where we bring IT developers, producers, game designers, artists, and authors together in a way nobody ever imagined-all in one place. Since our foundation in 2010, this idea has driven us and our team has been continuously growing ever since.

Today, we offer Games and Training-as-a-Service solutions for all kinds of projects: from IP based interactive Visual Novels to custom learning experiences that facilitate the power of good stories.

Known_sense is committed to providing a look behind the scenes using the requisite knowledge of people as “black boxes”: the result is lively communication on the subject of security and effective awareness-raising. The company has been working in this way since 2002. Globally, we were the very first agency to be completely focused on awareness-raising, and we are still the only firm that serves the entire value chain from impact studies on security to conceptual design, consulting, product development, design, media production, training, gamification, evaluation, and much more. In the two decades since the company was founded, our consultants, creatives, psychologists, and trainers have implemented measures for more than a hundred small and large companies in almost fifty countries and in twenty-five different languages. These measures are derived from a knowledge of the paradoxical urges that drive people in the context of security and—to quote numerous clients and customers—get them to do “peculiar” things: things that need to be examined carefully and require special responses.

Our task within the project ALARM is to conduct qualitative impact studies based on depth psychology—we are responsible, in other words, for a baseline study of information security and awareness within SMEs, for testing the concepts and products, and for developing, visualizing, and manufacturing seven game-based, analogue learning scenarios.


Dietmar Pokoyski
02203 1831618

Thinking Objects

Martina Vogt
+49 152- 05706824

IT. High-performance. Safe. Customer-oriented. The owner-operated company Thinking Objects—TO, for short—is a competent IT service provider with a focus on IT security. For more than twenty-five years TO has been delivering solutions tailored to the market that offer support, relieve stress, promote optimization, and provide security for the IT departments in SMEs and corporations.

TO brings to the ALARM project its expertise in conceptualizing and executing “on-site attacks”. The assessments of these attacks lead to recommendations for action for low-threshold safety concepts, on the basis of which each company can enhance its ability to make independent decisions with a bearing on IT security.

Located in Potsdam since 2004, Sudile is a company that focuses on developing and adjusting learning platforms, providing consultations on the implementation of e-Learning and Blended Learning, trainings on topics related to e-Learning, and the didactic conceptualization of learning services.

In the ALARM project, mathematical chemist Dr Rainer Brüggemann uncovers the connections (“matches”) between and within two groups: a) anonymous subjects and b) cyberattacks. The “matching” research approach contributes to awareness measurements, promotes a better understanding of the relationship between cyberattacks and the companies affected by them, and helps define learning success.


Dr. Rainer Brüggemann


Prof. Margit Scholl

Project management

Regina Schuktomow

Operational project management

Olesja Mujkic



ALARM information security’s team is interdisciplinary in nature and has gained valuable experience in related projects.

Frauke Prott

Qualitymanagement & digital learning scenarios

Hubertus von Tippelskirch

R&D - Research, didactics and evaluation

Peter Koppatz

R&D - On-site-Attacks and programming

Peter-Ernst Ehrlich

Lab engineer

Bernhard Zientek


Former Employees

who have supported us at times.

Mario Zakrewski

Evaluation analog learning scenariosn

Josephine Gerlach

R&D - Assistant

Julian Bechthold

R&D - digital learning scenarios, programming, and design

Denis Edich

Programming, and design

Christin Walch

R&D - Publications and project management

Stefanie Gube

R&D - Prepational awareness and SME-Readiness



Technical University of Applied Sciences Wildau
Hochschulring 1
15745 Wildau

Prof. Margit Scholl
Project management
Faculty: Business, Computing and Law

+49 3375 508 917
Haus 100, Raum 106

Regina Schuktomow
Operational project management

+49 3375 508 239
Haus 100, Raum 304