Cybersecurity is an important topic that is often viewed as inaccessible due to steep learning curves and a perceived need for specialist knowledge. With a constantly changing threat landscape, practical solutions such as best practices are employed, but the number of critical cybersecurity-related incidents remains high. To address these concerns, the National Cyber Security Centre published a Cybersecurity Body of Knowledge (CyBOK) to provide a comprehensive information base used to advise and underpin cybersecurity learning. Unfortunately, CyBOK contains over 1000 pages of in-depth material and may not be easy for novices to navigate. Furthermore, it does not allow for easy expression of the various cybersecurity scenarios that such individuals may be exposed to. As a solution to these two issues, we propose the use of a playing-card format to provide introductory cybersecurity knowledge that supports learning and discussion, using CyBOK as the foundation for the technical content. Upon evaluation in two user studies, we found that 80% of the participants agreed the cards provided them with introductory knowledge of cybersecurity topics, and 70% agreed the cards provided an interface for discussing topics and enabled them to make links between attacks, vulnerabilities and defences.