Conceptualizing and Prototyping a Cybersecurity Awareness Training
Role-specific, gamified microlearning turns Disaster Recovery Plans from paperwork into practice. This project designs and tests a role-based, narrative-driven training that helps product leaders create, maintain and test DRPs in line with NIS 2.0, ISO/IEC 27001, ISO 22301 and NIST SP 800-34.
Daniel Balzarini, 2025
Type of thesis: Bachelor Thesis
Client: A multinational retail and distribution organization
Supervising lecturer: Misyura, Ilya
Although Disaster Recovery Plans (DRPs) are mandatory and embedded in the discussed organization’s compliance framework, there are clear opportunities to strengthen their consistency and testing. Reviews of existing artefacts highlight the potential to clarify recovery metrics and bring guidance closer to day-to-day work. Rather than broad, generic courses, a focused, practical program for product leaders is the most effective way to translate policy into everyday practice while meeting rising continuity expectations and regulatory requirements.
Using a Design Research approach, the work moved through three full diagnose–design/build–evaluate-refinement cycles. Evidence came from interviews with product leaders and security experts, a review of risk logs and DRPs, and repeated Likert-scale questionnaires. Insights shaped an eight-lesson microlearning concept with a simple storyline, short videos, decision points, quizzes and “read more” links to official guidance. A clickable prototype was refined after each test to improve clarity, realism and usability.
Testing shows steady gains: by the third iteration, users rated relevance, usability and motivation at 4/5 to 5/5. Stakeholders confirmed that the training clarifies who does what, improves understanding of recovery metrics (RTO/RPO/MAO) and makes DRP testing more approachable, e.g., through simulated tabletop scenarios. The narrative persona and light gamification (progress, badges) increase completion without distracting from content.
For the client, the immediate benefit is a ready-to-pilot training concept that fits existing learning platforms and can be taken in five-minute blocks. It directly targets the most frequent gaps found in DRPs - missing metrics, outdated contacts, weak test evidence - and links every lesson to the organization’s governance standards. This promises better DRP completeness and a more regular testing cadence, supporting audit readiness and alignment with NIS 2.0, ISO/IEC 27001, ISO 22301 and NIST SP 800-34.
Because the design is modular and role-based, it scales to other teams and topics (e.g., backups, identity and access management) with minimal rework. To conclude, the client receives an evidence-based, practical path to strengthen continuity compet
Degree programme: Business Information Technology (Bachelor)
Keywords: Cybersecurity, Training, Awareness, Concept, Microlearning, Gamification, Resilience
Confidentiality: confidential