The incidence of cybersecurity attacks utilizing social engineering techniques has increased. Such attacks exploit the fact that in every secure system, there is at least one individual with the means to access sensitive information. Since it is easier to deceive a person than it is to bypass the defense mechanisms in place, these types of attacks have gained popularity. This situation is exacerbated by the fact that people are more likely to take risks in their passive form, i.e., risks that arise due to the failure to perform an action. Passive risk has been identified as a significant threat to cybersecurity. To address these threats, there is a need to strengthen individuals' information security awareness (ISA). Therefore, we developed ConGISATA - a continuous gamified ISA training and assessment framework based on embedded mobile sensors; a taxonomy for evaluating mobile users' security awareness served as the basis for the sensors' design. ConGISATA's continuous and gradual training process enables users to learn from their real-life mistakes and adapt their behavior accordingly. ConGISATA aims to transform passive risk situations (as perceived by an individual) into active risk situations, as people tend to underestimate the potential impact of passive risks. Our evaluation of the proposed framework demonstrates its ability to improve individuals' ISA, as assessed by the sensors and in simulations of common attack vectors.

翻译：利用社会工程技术的网络攻击事件呈上升趋势。这类攻击利用了每个安全系统中至少存在一个能访问敏感信息个体的漏洞。由于欺骗人员比突破现有防御机制更容易，此类攻击日益流行。而人们更易在被动风险形式下（即因未采取行动而产生的风险）冒险这一事实，进一步加剧了该态势。被动风险已被认定为网络安全重大威胁。为应对这些威胁，亟需强化个体的信息安全意识。为此，我们基于嵌入式移动传感器开发了ConGISATA——一种持续化游戏式ISA培训与评估框架；传感器设计以评估移动用户安全意识的分类法为基础。ConGISATA通过持续渐进式培训流程，使用户能够从现实错误中学习并相应调整行为。该框架旨在将被动风险情境（依个体认知）转化为主动风险情境，因人们往往低估被动风险的潜在影响。对框架的评估表明，其能有效提升个体的ISA水平，该结论通过传感器评估结果及常见攻击向量的仿真测试得到验证。