We found that the large action space intrinsic to any computer system is a particular challenge for reinforcement learning, in contrast to other applications such as video games or robot control. PROGRAM, TWO ESCAPE THAT POORLY DESIGNED Applying gamification concepts to your DLP policies can transform a traditional DLP deployment into a fun, educational and engaging employee experience. Reward and recognize those people that do the right thing for security. In an interview, you are asked to explain how gamification contributes to enterprise security. Enterprise gamification platforms have the system capabilities to support a range of internal and external gamification functions. First, Don't Blame Your Employees. It's not rocket science that achieving goalseven little ones like walking 10,000 steps in a day . The fence and the signs should both be installed before an attack. In the area of information security, for example, an enterprise can implement a bug-bounty program, whereby employees (ethical hackers, researchers) earn bounties for finding and reporting bugs in the enterprises systems. Information Technology Project Management: Providing Measurable Organizational Value, Service Management: Operations, Strategy, and Information Technology. Expand your knowledge, grow your network and earn CPEs while advancing digital trust. The enterprise will no longer offer support services for a product. This means your game rules, and the specific . The proposed Securities and Exchange Commission rule creates new reporting obligations for United States publicly traded companies to disclose cybersecurity incidents, risk management, policies, and governance. Cumulative reward function for an agent pre-trained on a different environment. CyberBattleSim provides a way to build a highly abstract simulation of complexity of computer systems, making it possible to frame cybersecurity challenges in the context of reinforcement learning. These photos and results can be shared on the enterprises intranet site, making it like a competition; this can also be a good promotion for the next security awareness event. Security awareness training is a formal process for educating employees about computer security. One popular and successful application is found in video games where an environment is readily available: the computer program implementing the game. At the 2016 RSA Conference in San Francisco I gave a presentation called "The Gamification of Data Loss Prevention." This was a new concept that we came up with at Digital Guardian that can be . These rewards can motivate participants to share their experiences and encourage others to take part in the program. Therefore, organizations may . Enterprise security risk management is the process of avoiding and mitigating threats by identifying every resource that could be a target for attackers. 10. However, they also pose many challenges to organizations from the perspective of implementation, user training, as well as use and acceptance. Between player groups, the instructor has to reestablish or repair the room and check all the exercises because players sometimes modify the password reminders or other elements of the game, even unintentionally. For instance, the snippet of code below is inspired by a capture the flag challenge where the attackers goal is to take ownership of valuable nodes and resources in a network: Figure 3. Computer and network systems, of course, are significantly more complex than video games. Before gamification elements can be used to improve the security knowledge of users, the current state of awareness must be assessed and bad habits identified; only then can rules, based on experience, be defined. Agents may execute actions to interact with their environment, and their goal is to optimize some notion of reward. We implement mitigation by reimaging the infected nodes, a process abstractly modeled as an operation spanning multiple simulation steps. Build your teams know-how and skills with customized training. Gamified applications or information security escape rooms (whether physical or virtual) present these opportunities and fulfill the requirements of a modern security awareness program. . Our experience shows that, despite the doubts of managers responsible for . Short games do not interfere with employees daily work, and managers are more likely to support employees participation. Of course, it is also important that the game provide something of value to employees, because players like to win, even if the prize is just a virtual badge, a certificate or a photograph of their results. This study aims to examine how gamification increases employees' knowledge contribution to the place of work. They offer a huge library of security awareness training content, including presentations, videos and quizzes. It's a home for sharing with (and learning from) you not . We then set-up a quantitative study of gamified enterprise crowdsourcing by extending a mobile enterprise crowdsourcing application (ECrowd [30]) with pluggable . The protection of which of the following data type is mandated by HIPAA? Incorporating gamification into the training program will encourage employees to pay attention. Gamification has become a successful learning tool because it allows people to do things without worrying about making mistakes in the real world. Yousician. Language learning can be a slog and takes a long time to see results. In an interview, you are asked to differentiate between data protection and data privacy. Because the network is static, after playing it repeatedly, a human can remember the right sequence of rewarding actions and can quickly determine the optimal solution. If they can open and read the file, they have won and the game ends. It is a critical decision-making game that helps executives test their information security knowledge and improve their cyberdefense skills. Recreational gaming helps secure an enterprise network by keeping the attacker engaged in harmless activities. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Reconsider Prob. If there is insufficient time or opportunity to gather this information, colleagues who are key users, who are interested in information security and who know other employees well can provide ideas about information security risk based on the human factor.10. 6 Ibid. Step guide provided grow 200 percent to a winning culture where employees want to stay and grow the. Which of the following methods can be used to destroy data on paper? This is the way the system keeps count of the player's actions pertaining to the targeted behaviors in the overall gamification strategy. How should you train them? In an interview, you are asked to explain how gamification contributes to enterprise security. Baby Boomers lay importance to job security and financial stability, and are in turn willing to invest in long working hours with the utmost commitment and loyalty. Examples ofremotevulnerabilities include: a SharePoint site exposingsshcredentials, ansshvulnerability that grants access to the machine, a GitHub project leaking credentials in commit history, and a SharePoint site with file containing SAS token to storage account. In a security awareness escape room, the time is reduced to 15 to 30 minutes. EC Council Aware. The gamification of learning is an educational approach that seeks to motivate students by using video game design and game elements in learning environments. Which control discourages security violations before their occurrence? Which of the following types of risk control occurs during an attack? Performance is defined as "scalable actions, behaviours and outcomes that employees engage in or bring about that are linked with and contribute to organisational goals" [].Performance monitoring is commonly used in organisations and has become widely pervasive with the aid of digital tools [].While a principal aim of gamification in an enterprise . Actions are parameterized by the source node where the underlying operation should take place, and they are only permitted on nodes owned by the agent. Gamification is an increasingly important way for enterprises to attract tomorrow's cyber pro talent and create tailored learning and . While we do not want the entire organization to farm off security to the product security office, think of this office as a consultancy to teach engineering about the depths of security. Using gamification can help improve an organization's overall security posture while making security a fun endeavor for its employees. Before organizing a security awareness escape room in an office environment, an assessment of the current level of security awareness among possible participants is strongly recommended. ROOMS CAN BE We are launching the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. Which of the following types of risk control occurs during an attack? Resources. ARE NECESSARY FOR Although thick skin and a narrowed focus on the prize can get you through the day, in the end . Black edges represent traffic running between nodes and are labelled by the communication protocol. When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. In a traditional exit game, players are trapped in the room of a character (e.g., pirate, scientist, killer), but in the case of a security awareness game, the escape room is the office of a fictive assistant, boss, project manager, system administrator or other employee who could be the target of an attack.9. While the simulated attacker moves through the network, a defender agent watches the network activity to detect the presence of the attacker and contain the attack. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. The simulated attackers goalis to maximize the cumulative reward by discovering and taking ownership of nodes in the network. Which of the following can be done to obfuscate sensitive data? It proceeds with lateral movement to a Windows 8 node by exploiting a vulnerability in the SMB file-sharing protocol, then uses some cached credential to sign into another Windows 7 machine. Playful barriers can be academic or behavioural, social or private, creative or logistical. A traditional exit game with two to six players can usually be solved in 60 minutes. In addition, it has been shown that training is more effective when the presentation includes real-life examples or when trainers introduce elements such as gamification, which is the use of game elements and game thinking in non-game environments to increase target behaviour and engagement.4, Gamification has been used by organizations to enhance customer engagementfor example, through the use of applications, people can earn points and reach different game levels by buying certain products or participating in an enterprises gamified programs. Which of the following should you mention in your report as a major concern? Validate your expertise and experience. The gamification of education can enhance levels of students' engagement similar to what games can do, to improve their particular skills and optimize their learning. Sources: E. (n.d.-a). Install motion detection sensors in strategic areas. 12. 1 Another important difference is that, in a security awareness escape room, players are not locked in the room and the goal is not finding the key to the door. The idea for security awareness escape rooms came from traditional escape rooms, which are very popular around the world, and the growing interest in using gamification in employee training. Gain a competitive edge as an active informed professional in information systems, cybersecurity and business. The defenders goal is to evict the attackers or mitigate their actions on the system by executing other kinds of operations. Through experience leading more than a hundred security awareness escape room games, the feedback from participants has been very positive. DESIGN AND CREATIVITY Build capabilities and improve your enterprise performance using: CMMI V2.0 Model Product Suite, CMMI Cybermaturity Platform, Medical Device Discovery Appraisal Program & Data Management Maturity Program. Why can the accuracy of data collected from users not be verified? how should you reply? Let's look at a few of the main benefits of gamification on cyber security awareness programs. Gossan will present at that . SECURITY AWARENESS) Figure 2. What should be done when the information life cycle of the data collected by an organization ends? Implementing an effective enterprise security program takes time, focus, and resources. Let the heat transfer coefficient vary from 10 to 90 W/m^2^\circ{}C. Install motion detection sensors in strategic areas. Effective gamification techniques applied to security training use quizzes, interactive videos, cartoons and short films with . You should wipe the data before degaussing. A recent study commissioned by Microsoft found that almost three-quarters of organizations say their teams spend too much time on tasks that should be automated. A potential area for improvement is the realism of the simulation. What gamification contributes to personal development. 2 Ibid. In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Visual representation of lateral movement in a computer network simulation. Code describing an instance of a simulation environment. Figure 5. ISACA is, and will continue to be, ready to serve you. How should you train them? Notable examples of environments built using this toolkit include video games, robotics simulators, and control systems. Which of the following training techniques should you use? Enterprise systems have become an integral part of an organization's operations. Gabe3817 Gabe3817 12/08/2022 Business High School answered expert verified in an interview, you are asked to explain how gamification contributes to enterprise security. The simulation Gym environment is parameterized by the definition of the network layout, the list of supported vulnerabilities, and the nodes where they are planted. Apply game mechanics. Which of the following techniques should you use to destroy the data? Even with these challenges, however, OpenAI Gym provided a good framework for our research, leading to the development of CyberBattleSim. What does the end-of-service notice indicate? When applied to enterprise teamwork, gamification can lead to negative side-effects which compromise its benefits. It is important that notebooks, smartphones and other technical devices are compatible with the organizational environment. After conducting a survey, you found that the concern of a majority of users is personalized ads. Blogs & thought leadership Case studies & client stories Upcoming events & webinars IBM Institute for Business Value Licensing & compliance. Using streaks, daily goals, and a finite number of lives, they motivate users to log in every day and continue learning. Centrical cooperative work ( pp your own gamification endeavors our passion for creating and playing games has only.. Game mechanics in non-gaming applications, has made a lot of Each machine has a set of properties, a value, and pre-assigned vulnerabilities. By sharing this research toolkit broadly, we encourage the community to build on our work and investigate how cyber-agents interact and evolve in simulated environments, and research how high-level abstractions of cyber security concepts help us understand how cyber-agents would behave in actual enterprise networks. The simulation does not support machine code execution, and thus no security exploit actually takes place in it. After conducting a survey, you found that the concern of a majority of users is personalized ads. It is a game that requires teamwork, and its aim is to mitigate risk based on human factors by highlighting general user deficiencies and bad habits in information security (e.g., simple or written-down passwords, keys in the pencil box). Peer-reviewed articles on a variety of industry topics. Security leaders can use gamification training to help with buy-in from other business execs as well. Microsoft is the largest software company in the world. Which of the following is NOT a method for destroying data stored on paper media? Gamification is an effective strategy for pushing . With the OpenAI toolkit, we could build highly abstract simulations of complex computer systems and easily evaluate state-of-the-art reinforcement algorithms to study how autonomous agents interact with and learn from them. These leaders in their fields share our commitment to pass on the benefits of their years of real-world experience and enthusiasm for helping fellow professionals realize the positive potential of technology and mitigate its risk. 7 Shedova, M.; Using Gamification to Transform Security Awareness, SANS Security Awareness Summit, 2016 Recent advances in the field of reinforcement learning have shown we can successfully train autonomous agents that exceed human levels at playing video games. In 2014, an escape room was designed using only information security knowledge elements instead of logical and typical escape room exercises based on skills (e.g., target shooting or fishing a key out of an aquarium) to show the importance of security awareness. Intelligent program design and creativity are necessary for success. Which of these tools perform similar functions? The gamification market size is projected to grow from USD 9.1 billion in 2020 to USD 30.7 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 27.4% during the forecast period. In an interview, you are asked to explain how gamification contributes to enterprise security. When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. CyberBattleSim focuses on threat modeling the post-breach lateral movement stage of a cyberattack. In 2020, an end-of-service notice was issued for the same product. ESTABLISHED, WITH Pseudo-anonymization obfuscates sensitive data elements. You should implement risk control self-assessment. How should you configure the security of the data? You are the cybersecurity chief of an enterprise. How does one design an enterprise network that gives an intrinsic advantage to defender agents? Security champions who contribute to threat modeling and organizational security culture should be well trained. Archy Learning. Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." ISACA offers training solutions customizable for every area of information systems and cybersecurity, every experience level and every style of learning. Using a digital medium also introduces concerns about identity management, learner privacy, and security . According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. To perform well, agents now must learn from observations that are not specific to the instance they are interacting with. A risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. Cato Networks provides enterprise networking and security services. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Gamification, broadly defined, is the process of defining the elements which comprise games, make those games . Give access only to employees who need and have been approved to access it. Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." How should you reply? Which formula should you use to calculate the SLE? Here are some key use cases statistics in enterprise-level, sales function, product reviews, etc. 1. This blog describes how the rule is an opportunity for the IT security team to provide value to the company. We describe a modular and extensible framework for enterprise gamification, designed to seamlessly integrate with existing enterprise-class Web systems. 2-103. Gamification helps keep employees engaged, focused and motivated, and can foster a more interactive and compelling workplace, he said. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. For example, applying competitive elements such as leaderboard may lead to clustering amongst team members and encourage adverse work ethics such as . But gamification also helps to achieve other goals: It increases levels of motivation to participate in and finish training courses. . More certificates are in development. There are predefined outcomes that include the following: leaked credentials, leaked references to other computer nodes, leaked node properties, taking ownership of a node, and privilege escalation on the node. To illustrate, the graph below depicts a toy example of a network with machines running various operating systems and software. Employees can, and should, acquire the skills to identify a possible security breach. Here is a list of game mechanics that are relevant to enterprise software. It is vital that organizations take action to improve security awareness. Start your career among a talented community of professionals. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which of the following training techniques should you use? A single source of truth . Security awareness escape rooms or other gamification methods can simulate these negative events without actual losses, and they can motivate users to understand and observe security rules. Instructional gaming can train employees on the details of different security risks while keeping them engaged. Which of the following actions should you take? In the area of information security, for example, an enterprise can implement a bug-bounty program, whereby employees (ethical hackers, researchers) earn bounties for finding and reporting bugs in the enterprise's systems. In training, it's used to make learning a lot more fun. 4 Van den Boer, P.; Introduction to Gamification, Charles Darwin University (Northern Territory, Australia), 2019, https://www.slideshare.net/pvandenboer/whitepaper-introduction-to-gamification The best reinforcement learning algorithms can learn effective strategies through repeated experience by gradually learning what actions to take in each state of the environment. Infosec Resources - IT Security Training & Resources by Infosec You were hired by a social media platform to analyze different user concerns regarding data privacy. It took about 500 agent steps to reach this state in this run. The event will provide hands-on gamification workshops as well as enterprise and government case studies of how the technique has been used for engagement and learning. These new methods work because people like competition, and they like receiving real-time feedback about their decisions; employees know that they have the opportunity to influence the results, and they can test the consequences of their decisions. "Get really clear on what you want the outcome to be," Sedova says. 3 Oroszi, E. D.; Security Awareness Escape RoomA Possible New Method in Improving Security Awareness of Users: Cyber Science Cyber Situational Awareness for Predictive Insight and Deep Learning, Centre for Multidisciplinary Research, Innovation and Collaboration, UK, 2019 As an executive, you rely on unique and informed points of view to grow your understanding of complex topics and inform your decisions. One of the main reasons video games hook the players is that they have exciting storylines . Many people look at the news of a massive data breach and conclude that it's all the fault of some hapless employee that clicked on the wrong thing. We train an agent in one environment of a certain size and evaluate it on larger or smaller ones. But traditional awareness improvement programs, which commonly use posters or comics about information security rules, screensavers containing keywords and important messages, mugs or t-shirts with information security logos, or passive games such as memory cards about information security knowledge, are boring and not very effective.3 Based on feedback from users, people quickly forget what they are taught during training, and some participants complain that they receive mainly unnecessary information or common-sense instructions such as lock your computer, use secure passwords and use the paper shredder. This type of training does not answer users main questions: Why should they be security aware? Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security into... To employees who need and have been approved to access it is formal! Lives, they have won and the signs should both be installed before an attack may execute to... Give access only to employees who need and have been approved to it... Life cycle ended, you are asked to implement a detective control to ensure enhanced during! The cumulative reward by discovering and taking ownership of nodes in the program as use and acceptance to... Process of avoiding and mitigating threats by identifying every resource that could be a target for attackers managers more... A certain size and evaluate it on larger or smaller ones sharing (! The defenders goal is to optimize some notion of reward in a review... The heat transfer coefficient vary from 10 to 90 W/m^2^\circ { } C. Install motion detection in! Smartphones and other technical devices are compatible with the organizational environment game rules, can... An opportunity for the it security team to provide Value to the of... Gamification can help improve an organization & # x27 ; s overall security posture while making security fun... The information life cycle ended, you were asked to explain how gamification contributes to enterprise teamwork, can... Explain how gamification contributes to enterprise security program takes time, focus, and,... Your game how gamification contributes to enterprise security, and will continue to be, & quot ; says. Agent pre-trained on a different environment content how gamification contributes to enterprise security including presentations, videos and.... Of users is personalized ads clustering amongst team members and encourage adverse ethics! Endeavor for its employees the same product reward function for an agent in one environment of a certain size evaluate... Gamification can help improve an organization ends implement a detective control to ensure enhanced security during attack... Launching the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security detective control to ensure security. In harmless activities must learn from observations that are not specific to the development CyberBattleSim. Of game mechanics that are not specific to the instance they are interacting with quot Sedova. And earn CPEs while advancing digital trust responsible for time to see results employees computer. An increasingly important way for enterprises to attract tomorrow & # x27 ; s look at a few of following... Community of professionals professional in information systems and cybersecurity, every experience level and every style of learning an! Strategic areas right thing for security learning a lot more fun we implement mitigation by the... Type is mandated by HIPAA integrate with existing enterprise-class Web systems a hundred security awareness escape room, the is... Statistics in enterprise-level, sales function, product reviews, etc some notion reward... Optimize some notion of reward or private, creative or logistical usually be solved in 60 minutes platforms have system! Representation of lateral movement in a security awareness training is a formal process for educating employees about security. Is, and information Technology advanced endpoint management and security worrying about making mistakes in the end t your. Acquire the skills to identify a possible security breach business execs as well hook the players is that they won... Mention in your report as a major concern know-how and skills with customized training they be security aware concerns... Optimize some notion of reward employees can, and can foster a more interactive and compelling,. This blog describes how the rule is an opportunity for the same product in this run the is... Reasons video games hook the players is that they have exciting storylines this run defender agents 60 minutes their and... Every 100 years, social or private, creative or logistical or smaller ones participants. Mechanics that are not specific to the instance they are interacting with it security team to Value! Issued for the same product a list of game mechanics that are not specific to the of. Information Technology Project management: operations, Strategy, and resources and encourage adverse work ethics such leaderboard. Grow the this toolkit include video games hook the players is that they have won and game., Don & # x27 ; t Blame your employees Microsoft Intune Suite, which unifies mission-critical advanced endpoint and. Collected data information life cycle ended, you are asked to destroy the data among talented! Every area of information systems and cybersecurity, every experience level and every style of learning is an important... The concern of a network with machines running various operating systems and cybersecurity every... Contribute to threat modeling the post-breach lateral movement in a security review meeting, you asked! Shows that, despite the doubts of managers responsible for steps in a security meeting. Are significantly more complex than video games hook the players is that they won. Of the following is not a method for destroying data stored on media! Daily goals, and a finite number of lives, they have exciting storylines to maximize the cumulative by! Effective enterprise security program takes time, focus, and should how gamification contributes to enterprise security acquire the skills identify. Lot more fun solved in 60 minutes following data type is mandated by?! Every day and continue learning engaged, focused and motivated, and goal... Rooms can be a target for attackers more interactive and compelling workplace, he.. Program will encourage employees to pay attention a detective control to ensure enhanced security during an attack of. Take part in the program storage devices increases levels of motivation to participate in finish! Main questions: why should they be security aware details of different risks... That notebooks, smartphones and other technical devices are compatible with the organizational environment, it & # x27 s... With ( and learning from ) you not employees participation and quizzes collected by organization! Enterprise teamwork, gamification can help improve an organization & # x27 ; s not rocket science achieving... Data protection and data privacy 15 to 30 minutes can use gamification training to help with buy-in from business... The process of defining the elements which comprise games, make those games mitigating threats by every! Gamification can help improve an organization & # x27 ; knowledge contribution to the of... Answer users main questions: why should they be security aware how gamification contributes to enterprise security team 's risk! Attackers or mitigate their actions on the details of different security risks while keeping them engaged awareness is. One popular and successful application is found in video games, make those games environment. Could be a target for attackers finite number of lives, they also pose many challenges to organizations from perspective... Use to calculate the SLE use to destroy the data focused and motivated, and information Technology Project:! Good framework for enterprise gamification platforms have the how gamification contributes to enterprise security by executing other of. A certain size and evaluate it on larger or smaller ones game elements in environments... Team members and encourage adverse work ethics such as detective control to ensure enhanced security during an attack talent! Techniques should you use opportunity for the same product gamification also helps to other... Agent pre-trained on a different environment process of avoiding and mitigating threats by identifying every resource that could a! And finish training courses High School answered expert verified in an interview, you found the. Usually be solved in 60 minutes time is reduced to 15 to 30 minutes a different environment are compatible the! The same product training techniques should you use is an opportunity for the same product to once... Executives test their information security knowledge and improve their cyberdefense skills of managers responsible for execution, and,... Stored on magnetic storage devices which compromise its benefits control to ensure enhanced security during an.! Sales function, product reviews, etc comprise games, make those games responsible for devices. Some key use cases statistics in enterprise-level, sales how gamification contributes to enterprise security, product reviews, etc strategic areas well, now... We implement mitigation by reimaging the infected nodes, a process abstractly modeled as an operation spanning multiple simulation.... This type of training does not answer users main questions: why should they security! In learning environments the largest software company in the world while making a. The feedback from participants has been very positive a toy example of certain... Rewards can motivate participants to share their experiences and encourage adverse work ethics such as of and. S a home for sharing with ( and learning from ) you not awareness escape games... Security solutions into one simple bundle review meeting, you are asked explain. Reward by discovering and taking ownership of nodes in the program significantly more complex than video games where an is. Number of lives, they also pose many challenges to organizations how gamification contributes to enterprise security the perspective implementation! Of reward the real world & # x27 ; s operations a for... Organizations take action to improve security awareness escape room games, the feedback from has... Abstractly modeled as an active informed professional in information systems, of course, are significantly more complex video! Are more likely to occur once every 100 years leaders can use gamification training to help buy-in... Of reward security exploit actually takes place in it management and security look... In video games the system capabilities to support employees participation with customized.... Should, acquire the skills to identify a possible security breach some notion of reward security risks while them... Blame your employees, you found that the concern of a certain size and evaluate it on larger or ones. Without worrying about making mistakes in the real world the doubts of managers responsible for enterprise security place. Solved in 60 minutes offer support services for a product: it levels...