Serious gamingTerranova is breaking new ground in information security training and awareness by including the concepts and techniques of “serious gaming” in its training services.

Serious gaming is a playful way to deal with important subjects, such as information security. The concept combines play with the educational objective of making training (which can sometimes be boring), about subjects (which may be uninteresting), more appealing. Play provides a type of experiential learning that fits better with the learning profile of the current generation of young workers. Serious gaming stimulates learning by making the learning player more receptive to, concentrated on, and engaged in the activity.

Much more than simply a means of transmitting information, serious gaming first raises awareness, so that learning players are able to understand the issues and to change their perceptions and habits. The concept also helps develop knowledge and practices through interactivity and simulation. The players’ experience is captivating and the interactivity inherent in gaming holds their interest throughout the training session. These factors engage users, thus increasing the effectiveness of the training. Serious gaming also includes an assessment component to measure how well the pre-defined objectives have been reached.

In information security, the human factor is generally the weak link in the chain and for good reason. Many security problems or incidents are the result of carelessness or inattention. Through the serious gaming approach for information security training and awareness, Terranova aims to turn this situation around, helping employees develop appropriate knowledge and expertise to become strong links. Thus, adequately trained employees or managers can be seen as the solid base of their businesses, defending it against various threats, such as those using social engineering techniques. In fact, phishing or spear-phishing techniques attempt to exploit human weaknesses through various subterfuges and are generally difficult to detect by the standard security management tools, such as antivirus software, firewalls, and Web filters.