{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T04:23:59Z","timestamp":1773548639615,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":41,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819902712","type":"print"},{"value":"9789819902729","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-981-99-0272-9_5","type":"book-chapter","created":{"date-parts":[[2023,2,15]],"date-time":"2023-02-15T14:16:09Z","timestamp":1676470569000},"page":"64-82","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["CATS: A Serious Game in\u00a0Industry Towards Stronger Cloud Security"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1518-4730","authenticated-orcid":false,"given":"Tiange","family":"Zhao","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4286-3184","authenticated-orcid":false,"given":"Ulrike","family":"Lechner","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2725-7629","authenticated-orcid":false,"given":"Maria","family":"Pinto-Albuquerque","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0924-6325","authenticated-orcid":false,"given":"Ece","family":"Ata","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1462-6701","authenticated-orcid":false,"given":"Tiago","family":"Gasiba","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,2,16]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Al Nafea, R., Almaiah, M.A.: Cyber security threats in cloud: literature review. In: 2021 International Conference on Information Technology (ICIT), pp. 779\u2013786. IEEE (2021)","DOI":"10.1109\/ICIT52682.2021.9491638"},{"key":"5_CR2","unstructured":"Cloud Security Alliance: Cloud controls matrix v4 (2021). https:\/\/cloudsecurityalliance.org\/artifacts\/cloud-controls-matrix-v4\/"},{"key":"5_CR3","unstructured":"ATT &CK, M.: Techniques, May 2017. https:\/\/attack.mitre.org\/techniques\/"},{"key":"5_CR4","unstructured":"ATT &CK, M.: MITRE ATT &CK Cloud Matrix (2020). https:\/\/attack.mitre.org\/versions\/v8\/ matrices\/enterprise\/cloud\/"},{"key":"5_CR5","unstructured":"AWS: Amazon EC2 secure and resizable compute capacity for virtually any workload, May 2022. https:\/\/aws.amazon.com\/ec2"},{"key":"5_CR6","doi-asserted-by":"publisher","unstructured":"Casinillo, L., Tavera, G.: On the dark side of learning calculus: evidence from agribusiness students. IJIET (Int. J. Indonesian Educ. Teach.) 5, 52\u201360 (2021). https:\/\/doi.org\/10.24071\/ijiet.v5i1.2825","DOI":"10.24071\/ijiet.v5i1.2825"},{"key":"5_CR7","unstructured":"CSA: Top threats to cloud computing: The egregious 11. BLACKHAT2019 (2019)"},{"key":"5_CR8","series-title":"Foundations, Concepts and Practice","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40612-1","volume-title":"Serious Games","year":"2016","unstructured":"D\u00f6rner, R., G\u00f6bel, S., Effelsberg, W., Wiemeyer, J. (eds.): Serious Games. Foundations, Concepts and Practice, Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-40612-1"},{"key":"5_CR9","unstructured":"ECMA-404: Json format, May 2022. https:\/\/www.json.org\/json-en.html"},{"key":"5_CR10","doi-asserted-by":"publisher","unstructured":"Espinha Gasiba, T., Andrei-Cristian, I., Lechner, U., Pinto-Albuquerque, M.: Raising security awareness of cloud deployments using infrastructure as code through cybersecurity challenges. In: The 16th International Conference on Availability, Reliability and Security. ARES 2021, Association for Computing Machinery, New York, NY, USA (2021). https:\/\/doi.org\/10.1145\/3465481.3470030","DOI":"10.1145\/3465481.3470030"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Espinha Gasiba, T., Andrei-Cristian, I., Lechner, U., Pinto-Albuquerque, M.: Raising security awareness of cloud deployments using infrastructure as code through cybersecurity challenges. In: The 16th International Conference on Availability, Reliability and Security, pp. 1\u20138 (2021)","DOI":"10.1145\/3465481.3470030"},{"key":"5_CR12","doi-asserted-by":"publisher","unstructured":"Ferro, L.S., Marrella, A., Catarci, T., Sapio, F., Parenti, A., De Santis, M.: AWATO: a serious game to improve cybersecurity awareness. In: Fang, X. (ed.) HCI in Games, vol. 13334, pp. 508\u2013529. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-05637-6_33","DOI":"10.1007\/978-3-031-05637-6_33"},{"issue":"1","key":"5_CR13","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-019-0043-x","volume":"3","author":"T Gasiba","year":"2020","unstructured":"Gasiba, T., Lechner, U., Pinto-Albuquerque, M.: Sifu-a cybersecurity awareness platform with challenge assessment and intelligent coach. Cybersecurity 3(1), 1\u201323 (2020)","journal-title":"Cybersecurity"},{"key":"5_CR14","series-title":"Lecture Notes in Information Systems and Organisation","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/978-3-030-86797-3_25","volume-title":"Innovation Through Information Systems","author":"T Gasiba","year":"2021","unstructured":"Gasiba, T., Lechner, U., Pinto-Albuquerque, M.: CyberSecurity challenges for software developer awareness training in industrial environments. In: Ahlemann, F., Sch\u00fctte, R., Stieglitz, S. (eds.) WI 2021. LNISO, vol. 47, pp. 370\u2013387. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-86797-3_25"},{"key":"5_CR15","unstructured":"Gasiba, T., Lechner, U., Pinto-Albuquerque, M.: Cybersecurity challenges: serious games for awareness training in industrial environments. Federal Office for Information Security (ed.) Germany Digital Secure. 30 Years BSI - Proceedings of the 17th German IT Security Congress 2021, February 2021"},{"key":"5_CR16","unstructured":"Gasiba, T., Hodzic, S., Lechner, U., Albuquerque, M.P.: Raising awareness on secure coding in the industry through CyberSecurity challenges. Ph.D. thesis, Universit\u00e4t der Bundeswehr M\u00fcnchen (2021)"},{"key":"5_CR17","unstructured":"Gleasure, R.: What is a \u2018wicked problem\u2019 for is research? In: SIG Prag Workshop on IT Artefact Design & Workpractice Improvement, 5 June 2013, Tilburg, The Netherlands (2013)"},{"key":"5_CR18","doi-asserted-by":"publisher","unstructured":"Gleeson, N., Walden, I.: \u2018It\u2019s a jungle out there\u2019?: Cloud Computing, Standards and the Law. SSRN Electron. J. (2014). https:\/\/doi.org\/10.2139\/ssrn.2441182","DOI":"10.2139\/ssrn.2441182"},{"key":"5_CR19","unstructured":"Group, K.: Konva.js - html5 2D canvas js library for desktop and mobile applications, May 2022. https:\/\/konvajs.org\/"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"H\u00e4nsch, N., Benenson, Z.: Specifying IT security awareness. In: 2014 25th International Workshop on Database and Expert Systems Applications, pp. 326\u2013330. IEEE (2014)","DOI":"10.1109\/DEXA.2014.71"},{"key":"5_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101827","volume":"95","author":"S Hart","year":"2020","unstructured":"Hart, S., Margheri, A., Paci, F., Sassone, V.: Riskio: a serious game for cyber security awareness and education. Comput. Secur. 95, 101827 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101827","journal-title":"Comput. Secur."},{"key":"5_CR22","first-page":"4","volume":"19","author":"A Hevner","year":"2007","unstructured":"Hevner, A.: A three cycle view of design science research. Scand. J. Inf. Syst. 19, 4 (2007)","journal-title":"Scand. J. Inf. Syst."},{"key":"5_CR23","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"A Hevner","year":"2004","unstructured":"Hevner, A., March, S., Park, J.: Design science in information systems research. Manage. Inf. Syst. Q. 28, 75\u2013105 (2004)","journal-title":"Manage. Inf. Syst. Q."},{"key":"5_CR24","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-981-19-0468-4_13","volume-title":"Ubiquitous Security (UbiSec 2021)","author":"AC Iosif","year":"2022","unstructured":"Iosif, A.C., Gasiba, T.E., Zhao, T., Lechner, U., Pinto-Albuquerque, M.: A large-scale study on the security vulnerabilities of cloud deployments. In: Wang, G., Choo, K.K.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds.) Ubiquitous Security (UbiSec 2021), pp. 171\u2013188. Springer, Singapore (2022). https:\/\/doi.org\/10.1007\/978-981-19-0468-4_13"},{"key":"5_CR25","unstructured":"ISO27002: ISO\/IEC 27002:2013 information technology - security techniques - code of practice for information security controls (2013). https:\/\/www.iso.org\/standard\/54533.html"},{"key":"5_CR26","unstructured":"ISO27017: ISO\/IEC 27017:2015 information technology - security techniques - code of practice for information security controls based on ISO\/IEC 27002 for cloud services (2015). https:\/\/www.iso.org\/standard\/43757.html"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Jak\u00f3bik, A.: Stackelberg game modeling of cloud security defending strategy in the case of information leaks and corruption. Simul. Model. Pract. Theory 103, 102071 (2020)","DOI":"10.1016\/j.simpat.2020.102071"},{"key":"5_CR28","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1016\/j.jnca.2018.02.015","volume":"110","author":"A Jak\u00f3bik","year":"2018","unstructured":"Jak\u00f3bik, A., Palmieri, F., Ko\u0142odziej, J.: Stackelberg games for modeling defense scenarios against cloud security threats. J. Netw. Comput. Appl. 110, 99\u2013107 (2018)","journal-title":"J. Netw. Comput. Appl."},{"key":"5_CR29","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-981-19-0468-4_8","volume-title":"Ubiquitous Security (UbiSec 2021)","author":"AMY Koay","year":"2022","unstructured":"Koay, A.M.Y., Xie, M., Ko, R.K.L., Sterner, C., Choi, T., Dong, N.: SDGen: a scalable, reproducible and flexible approach to generate real world cyber security datasets. In: Wang, G., Choo, K.K.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds.) Ubiquitous Security (UbiSec 2021), pp. 102\u2013115. Springer, Singapore (2022). https:\/\/doi.org\/10.1007\/978-981-19-0468-4_8"},{"issue":"6","key":"5_CR30","doi-asserted-by":"publisher","first-page":"752","DOI":"10.1177\/1046878114563660","volume":"45","author":"RN Landers","year":"2014","unstructured":"Landers, R.N.: Developing a theory of gamified learning: linking serious games and gamification of learning. Simul. Gaming 45(6), 752\u2013768 (2014)","journal-title":"Simul. Gaming"},{"issue":"2","key":"5_CR31","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1177\/1056492618790913","volume":"28","author":"RN Landers","year":"2019","unstructured":"Landers, R.N.: Gamification misunderstood: how badly executed and rhetorical gamification obscures its transformative potential. J. Manag. Inq. 28(2), 137\u2013140 (2019)","journal-title":"J. Manag. Inq."},{"key":"5_CR32","unstructured":"NIST: National institute of standards and technology (2022). https:\/\/www.nist.gov\/"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Peter Mell (NIST), T.G.N.: SP 800\u2013145 the NIST definition of cloud computing, September 2011. https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-145\/final","DOI":"10.6028\/NIST.SP.800-145"},{"key":"5_CR34","unstructured":"Python3: Python is a programming language that lets you work quickly and integrate systems more effectively, May 2022. https:\/\/www.python.org\/"},{"key":"5_CR35","unstructured":"Shostack, A.: Tabletop security games & cards (2021). https:\/\/shostack.org\/games.html"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"\u0160v\u00e1bensk\u1ef3, V., Vykopal, J., Cermak, M., La\u0161tovi\u010dka, M.: Enhancing cybersecurity skills by creating serious games. In: Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education, pp. 194\u2013199 (2018)","DOI":"10.1145\/3197091.3197123"},{"key":"5_CR37","doi-asserted-by":"publisher","unstructured":"Tang, Y., Zhang, D., Liang, W., Li, K.C., Sukhija, N.: Active malicious accounts detection with multimodal fusion machine learning algorithm. In: Wang, G., Choo, K.K.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds.) Ubiquitous Security (UbiSec 2021), vol. 1557, pp. 38\u201352. Springer, Singapore (2022). https:\/\/doi.org\/10.1007\/978-981-19-0468-4_4","DOI":"10.1007\/978-981-19-0468-4_4"},{"key":"5_CR38","unstructured":"Wiki, E.: Spearman\u2019s rank correlation coefficient (1988). https:\/\/www.viewer.vn\/wiki"},{"key":"5_CR39","doi-asserted-by":"publisher","unstructured":"Zhao, T., Gasiba, T., Lechner, U., Pinto-Albuquerque, M.: Raising awareness about cloud security in industry through a board game. Information 12(11), 482 (2021). https:\/\/doi.org\/10.3390\/info12110482","DOI":"10.3390\/info12110482"},{"key":"5_CR40","doi-asserted-by":"publisher","unstructured":"Zhao, T., Gasiba, T.E., Lechner, U., Pinto-Albuquerque, M.: Exploring a board game to improve cloud security training in industry. In: Henriques, P.R., Portela, F., Queir\u00f3s, R., Sim\u00f5es, A. (eds.) Second International Computer Programming Education Conference (ICPEC 2021). Open Access Series in Informatics (OASIcs), vol. 91, pp. 11:1\u201311:8. Schloss Dagstuhl - Leibniz-Zentrum f\u00fcr Informatik, Dagstuhl, Germany (2021). https:\/\/doi.org\/10.4230\/OASIcs.ICPEC.2021.11, https:\/\/drops.dagstuhl.de\/opus\/volltexte\/2021\/14227","DOI":"10.4230\/OASIcs.ICPEC.2021.11"},{"key":"5_CR41","doi-asserted-by":"publisher","unstructured":"Zhao, T., Lechner, U., Pinto-Albuquerque, M., Ata, E.: Cloud of assets and threats: a playful method to raise awareness for cloud security in industry. In: Sim\u00f5es, A., Silva, J.A.C. (eds.) Third International Computer Programming Education Conference (ICPEC 2022). Open Access Series in Informatics (OASIcs), vol. 102, pp. 6:1\u20136:13. Schloss Dagstuhl - Leibniz-Zentrum f\u00fcr Informatik, Dagstuhl, Germany (2022). https:\/\/doi.org\/10.4230\/OASIcs.ICPEC.2022.6, https:\/\/drops.dagstuhl.de\/opus\/volltexte\/2022\/16610","DOI":"10.4230\/OASIcs.ICPEC.2022.6"}],"container-title":["Communications in Computer and Information Science","Ubiquitous Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-0272-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,13]],"date-time":"2023-06-13T17:02:25Z","timestamp":1686675745000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-0272-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9789819902712","9789819902729"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-0272-9_5","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"16 February 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"UbiSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Ubiquitous Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zhangjiajie","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ubisec2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ubisecurity.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"98","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}