Government digital agendas worldwide go hand in hand with the digital transformation in businesses and public administrations as well as the digital changes taking place in society. Information security (IS) and awareness (ISA) must be an integrated part of these agendas. The goal of IS is to protect information of all types and origins. Here, the employees play a necessary and significant role in the success of IS, and the entire staff of an institution need to know about their specific roles and be aware of the information security management system (ISMS). As there are still fundamental strategic deficiencies in the institutions themselves, humans should not be called “the weakest link” in the security chain. Rather, sustainable awareness-raising and training for people should be established in the institutions using interactive, authentic, and game-based learning methods. Psychological studies show the great importance of emotionalization when communicating IS knowledge and the reliable exchange of experience about IS. However, in many institutions, a change in culture is becoming necessary. IS must be integrated into all (business) processes and projects, and viable safeguards must be included. This chapter summarizes the most important scientific findings and transfers them to the practice of public administrations in Germany. Moreover, it shows examples of learning methods and provides practical assistance for IS sensitization and training.
Part of the book: Public Management and Administration
The COVID-19 pandemic triggered a large, sustained shift to working from home. This sudden shift to a new environment rapidly increased the opportunities for cyberattacks on individuals. The employees of small- and medium-sized companies can be seen as a major new target for cyberattacks because cybercrime prevention is often neglected in home offices. Human beings are the current target of cyberattacks as well as the last line of defense, especially when technology fails. Awareness of cyber situations is an essential aspect of managing information security risks. Continuous information security awareness measures targeted at all employees are an existential necessity for companies if they are to develop their digitization successfully. The article illustrates a German project developing an overall scenario with a mix of measures for companies designed to raise such awareness. Analog and digital narrative serious games with interactive and discursive elements focused on the home office are described in detail as a part of the overall scenario. They must be carefully designed and used within a practice-oriented mix for the target groups, so that information security is made tangible and comprehensible. All materials will be made available for noncommercial use in German on the project website by September 2023.
Part of the book: Reimagining Education