Gamification has been the buzz for the past few years. Game design concepts
are
appearing in everyday interactions
like education, physical fitness/wellness, automotive design and even personal
finances [and]. I am thinking about ways to use gameplay mechanics to reward
employees for completing otherwise mundane tasks. I want to unlock that
achievement "Making Work Fun".
Typical gaming techniques include:
* achievement "badges"
* achievement levels
* "leader boards"
* a progress bar or other visual meter to indicate how close people are
to
completing a task a company is trying to encourage, such as completing a social
networking profile or earning a frequent shopper loyalty award.
* virtual currency
* systems for awarding, redeeming, trading, gifting, and otherwise
exchanging
points
* challenges between users
* embedding small casual games within other activities
There are hacker challenges and competitions that encourage youth into the
field
of information security (or used as a recruiting ground by government agencies
or companies)
What could day-to-day gamification of Information Security in the workplace
look
like? I want to brainstorm a few ideas first without thinking about the
specific implementation (as this may put constraints or limits on the mechanics
of the awards).
For example, awards could be something like:
* "Security First": # of days without violating security policy or
acceptable
use (30 days, 90 days, 6 months, 1 year, 2 years, 5 years)
* "Security Smarts": # of hours of security awareness training
completed
(users could also get credits for reading security bulletins).
* "Security Star": based on the score an employee receives on security
awareness quiz (bronze: >80%, silver: >90%, gold: 100%)
* "Strong Passwords": employee uses strong passwords
* "Memory Like an Elephant" - # days without a password reset (30 days,
90
days, 6 months, 1 year, 2 years, 5 years)
* "Security Points": some form of currency or experience points for
completing security related tasks or activities
For IT staff there are other things I can think of regarding service
management, system management, patch management, change management and risk
management (this can apply to most employees).
Maybe these are tracked and displayed individually or as a department to
foster friendly competition and encourage better security practices. Maybe
these are used as part of an annual performance review.
Basically, informatio security departments tends to get a bad reputation
because
they are the stick enforcing security policies. I'm trying to think of ways to
be the carrot. I would rather provide a wall of fame for the superstars rather
than a wall of shame (though I remember in one organization we had a giant
screw
mounted on a piece of wood... "screw up award"... it was the hot potato... we
were always quick to pass it along to the next deserving coworker).
Any examples of gamification you've experienced in the workplace? Or, can you
think of any ways to gamify information security?
.b
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
