Engaging Students in Basic Cybersecurity Concepts Using Digital Game-Based Learning: Computer Games as Virtual Learning Environments (original) (raw)
The use of gamification to teach cybersecurity awareness in information systems
International Conference on Information Systems, 2020
This paper investigates the impact of gamification in teaching and learning cybersecurity awareness. The increasing rate of cyber-attacks and data breaches in recent times, have made cybersecurity awareness a critical learning objective in Information Systems (IS) curriculum globally. However, teaching and learning cybersecurity awareness can be challenging, especially to smaller colleges and universities who have meagre resources. Moreover, learning cybersecurity principles requires understanding of concepts that are usually unfamiliar to students in the IS major. In order to effectively deliver the desired learning objectives in cybersecurity awareness, IS educators can adopt pedagogical approaches, e.g., gamification, that are interactive, fun and appealing to students. Gamification which has been defined as the use of game components to deliver learning objectives in a given area, offer an alternative that is affordable, easy to learn and requires very little to no overhead cost. Currently, the authors are designing 3 gamified activities that can be used to teach and learn cyber security awareness. We intend to validate the effectiveness of these activities using experimental approaches. Students will be randomly selected from universities in Northern Pennsylvania, USA, and divided into experimental and control group. Experimental group will be asked to complete the gamified activities. Data will be collected using questionnaire. Data analysis will be by means of statistical approaches such as ANOVA, paired t-test of factor analysis. We hope that the results of our study will support the use of gamification in teaching and learning cybersecurity awareness.
Gamification of cybersecurity training
Proceedings of the 1st International Workshop on Gamification of Software Development, Verification, and Validation
A large fraction of cybercrimes could be prevented with improved cybersecurity awareness training. We have developed a virtual cybersecurity escape room based on the three-dimensional Unity game development platform. This application is based on the proven Octalysis gamification framework, which has been shown to improve user engagement and knowledge retention. Following a discussion of the application design, this position paper presents playtesting results, work in progress, and experimental quantification based on eight gamification metrics.
Framing Gamification in Undergraduate Cybersecurity Education
Journal of The Colloquium for Information Systems Security Education, 2023
Gamification presents potential benefits in courses that traditionally require the comprehension of complex concepts and a high level of technical and abstract thinking. Courses in Cyber Security Operations (CSO) undergraduate education meet these criterion. This research evaluates organizational constructs that have been applied to gamification applications (GAs) in CSO education. It utilizes framing theory and frame-reflective discourse analysis to outline frames based on engagement levels and analyzes the current distribution of GAs. The following organizational constructs for GAs in data structures and algorithms education apply to CSO education: Enhanced Examination (EE), Visualization of Abstract Ideas (VAI), Dynamic Gamification (DG), Social and Collaborative Engagement (SGE), and Collaborative Gamification Development (CGD). Three additional frames are identified: Missions and Quests (MQ), Simulations (Sim) and Aspirational Learning (AL). MQ GAs have process-driven quests, stories, and/or descriptive scenarios to augment engagement. Sim GAs use environmental immersion to demonstrate real world problem solving while allowing freedom of movement. AL GAs use goal-based designs like Capture The Flag (CTF) missions to enhance engagement. Twenty-seven existing CSO GAs fit within the MQ frame as CSO education lends itself well to these types of experiences. Seventeen CSO GAs fall within the AL GA frame, many of these manifesting as CTF missions. Seventeen CSO GAs fit in the EE Frame due to their optimization in the analysis of learning progress. Nine Sim GAs were successfully deployed in CSO education, followed by 4 VAI, 3 SGE, and 3 DG GAs.
SHS Web of Conferences
Our world has become increasingly dependent on electronic technology. As most economic, cultural, and social activities are conducted in cyberspace, how to protect data from cyberattacks has arisen as a prominent challenge. Cybersecurity education and training that improves awareness among personnel is recognized as an effective approach. Higher education institutions (HEIs) have become prime cyberattack targets as they hold vast amounts of valuable research and personal data. This paper analyses the state of cybersecurity in HEIs and the problems of cybersecurity education, and proposes the solution of gamification of cybersecurity education. A detailed feasibility analysis and recommendations for developing cybersecurity education games are provided. This paper expands the theories of gamified cybersecurity education in China, and sheds light on enhancing the effectiveness of cybersecurity education in HEIs through games.
Gamification for Teaching and Learning Computer Security in Higher Education
2016
In many cases students in higher education are driven by assessments and achievements rather than the “learning journey” that can be achieved through full engagement with provided material. Novel approaches are needed to improve engagement in and out of class time, and to achieve a greater depth of learning. Gamification, “the use of game design elements in nongame contexts”, has been applied to higher education to improve engagement, and research also suggests that serious games can be used for gamesbased learning, providing simulated learning environments and increasing motivation. This paper presents the design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities. Learning activities (many developed as open educational resources (OER)) and an assessment structure were developed. A new free and open source software (FOSS) virtual learning environment (VLE) was implemented, which enables the use of three types of experience p...
Evaluation of Game-Based Learning in Cybersecurity Education for High School Students
Journal of Education and Learning (EduLearn), 2018
Game based learning is a new game play mechanism that the players explore various aspects of game play in a learning context designed by the instructor or the game designer. Nevertheless, general acceptance of game based learning as a new learning paradigm was deferred by a lack of wellcontrolled, large sample efficacy studies. To address the increasing need of cybersecurity workforce, this paper introduces a game based learning method for high school cybersecurity education. Purdue University Northwest launched GenCyber high school summer camps to about 200 high school students in Chicago metropolitan area. The survey conducted after the summer camp indicated that the game based learning for cybersecurity education was very effective in cybersecurity awareness training. Further analysis of survey data revealed that there is a gender difference in raising students' interests in cybersecurity and computer science education using game based learning method.
Gamification of an Information Security Management Course
Learners tend to find theory courses dry, and struggle to remain engaged with the material. Gamification has been used in both commerce and educational settings to engage an audience. An Information Security Management course was selected to use as a case study to investigate if an interactive game developed by the Naval Postgraduate School would engage learners and assist them in their understanding of how enterprise policies could be followed and implemented through logical protection mechanisms, physical security, and enforcement of procedures. It was supposed that by working through scenarios, learners would increase their understanding of Information Security through active learning if they were self-aware enough to see that while they are attempting to achieve the scenario objective, they were applying abstract security concepts. The study was conducted in order to determine if active learning was actually taking place while learners played CyberCIEGE.
Design and Evaluation of a Cybersecurity Awareness Training Game
Lecture Notes in Computer Science, 2017
Serious games are becoming more popular because they provide an opportunity for learning in a natural environment. Although many concepts included in cybersecurity awareness training are universal, many forms of training fail because they are based on rote learning and do not require users to think about security concepts. The main objective of this study is to design a candidate cybersecurity awareness training tool which provides an environment for helping users to understand security concepts while playing a game. To reach our goal, we applied a newly developed model, which is Activity Theory-based Model of Serious Games (ATMSG), to design our own game. According to the design, we implemented a game demo and assessed its gameplay. The results indicated that the story gameplay can help players improve their understanding of cybersecurity problems and resolutions.
Application of Gamification for Cyber Security Awareness
With the expansion of technology and therefore the accessibility to the web within the recent decades, people are now connected across countries. Internet-enabled interconnectivity of ICT assets is increasingly adopted worldwide. Despite the benefits, threats to organizational assets are just around the corner. The vulnerability to such threats is increased when employees working with ICT systems are unaware of cyber security. Cybersecurity in itself includes the protection of frameworks, systems and projects from computerized assaults. There are several ways to raise cyber security awareness, but the increasing number of cyber security incidents suggests that these methods lack effectiveness. Gamification offers promising results due to its ability to counter several weaknesses of existing trainings, for example related to motivation and engagement. It is presumed that incorporating gamification in cyber security awareness trainings could increase their effectiveness. This paper evaluates the various game-based learning system in cybersecurity, identifying the varied tools exist, the advantages and shortcomings of every system and feasible ways to enhance on the prevailing systems. Thus, in this research, I would like to develop an alternative and joyful way to educate and encourage people to learn more about the security awareness. I develop a game, which is a security game for building security awareness by using Unity.
The Gamification of Cybersecurity Training
Lecture Notes in Computer Science, 2017
Due to the rapidly and continued evolving nature of technology, there is a constant need to update police officers' training in cyber security to ensure that the UK continues to be a secure place to live and do business. Rather than deliver traditional classroom-based training, our project assesses the effectiveness of the delivery of cyber security through the use of games based learning to simulate cybercrimes and provide training in incident response. The aim of our research is to transform the delivery of first responder training in tackling cybercrime. Through the use of a Game Jam and subsequent prototype development, we have trialed training materials that are based on serious games technology. The game poses a common incident reported to the police, for example the problem of a virtual person receiving offensive messages via Facebook and the training reflects the dialogue with that person and the technical steps to ensure that a copy of the evidence has been preserved for further investigation. Evaluation has been conducted with local police officers. Overall, this approach to the large-scale provision of training (potentially to a whole force) is shown to offer potential.