Introducing and Interfacing with Cybersecurity -- A Cards Approach

TL;DR

This paper introduces a playing cards approach to simplify cybersecurity education, making complex concepts more accessible for beginners and facilitating discussion and understanding of cybersecurity scenarios.

Contribution

It proposes a novel card-based format for cybersecurity knowledge derived from CyBOK, enhancing accessibility and discussion for novices.

Findings

80% of participants found the cards provided introductory cybersecurity knowledge.

70% agreed the cards facilitated discussion and linking of cybersecurity concepts.

The approach improved engagement and understanding among novice users.

Abstract

Cybersecurity is an important topic which is often viewed as one that is inaccessible due to steep learning curves and a perceived requirement of needing specialist knowledge. With a constantly changing threat landscape, practical solutions such as best-practices are employed, but the number of critical cybersecurity-related incidents remains high. To address these concerns, the National Cyber Security Centre published a Cybersecurity Body of Knowledge (CyBOK) to provide a comprehensive information base used to advise and underpin cybersecurity learning. Unfortunately, CyBOK contains over 1000 pages of in-depth material and may not be easy to navigate for novice individuals. Furthermore, it does not allow for easy expression of various cybersecurity scenarios that such individuals may be exposed to. As a solution to these two issues, we propose the use of a playing cards format to provide introductory cybersecurity knowledge that supports learning and discussion, using CyBOK as the foundation for the technical content. Upon evaluation in two user studies, we found that 80% of the participants agreed the cards provided them with introductory knowledge of cybersecurity topics, and 70% agreed the cards provided an interface for discussing topics and enabled them to make links between attacks, vulnerabilities and defences.