Skip to main content
SpringerLink
Log in

Game-Based Information Security/Privacy Education and Awareness: Theory and Practice

  • Conference paper
  • First Online:
Information Systems (EMCIS 2020)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 402))

Abstract

This paper reviews and assesses classical and novel methods and tools towards engaging students and workforce in the concepts of information security and privacy. We investigate the theoretical basis for deploying a game-based approach for security/privacy learning and awareness, and assess state-of-the-art tools and methods that could be used as part of a challenge-based or game-based framework for learning, including serious games, CTF platforms, escape rooms, puzzle/interactive books and Alternate Reality Games (ARGs), while also identifying key-elements and important aspects that should be taken into consideration when designing a security and privacy learning/awareness program. For each of the above approaches and tools’ categories, we highlight their potential for using them for education and awareness of information security and privacy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    vulnhub.com/.

  2. 2.

    rapid7.com/.

  3. 3.

    hacknet-os.com/.

  4. 4.

    introversion.co.uk/.

  5. 5.

    niteteam4.com/.

  6. 6.

    nps.edu/web/c3o/cyberciege/.

  7. 7.

    cybersecuritychallenge.org.uk/.

  8. 8.

    sgschallenge.com/cyber-protect/.

  9. 9.

    escaperoominabox.com.

  10. 10.

    kosmosgames.co.uk.

  11. 11.

    idventure.de.

  12. 12.

    https://www.cgi.fi/fi/cybercon.

References

  1. Beuran, R., Chinen, K., Tan, Y., Shinoda, Y.: Towards effective cybersecurity education and training. Research report (School of Information Science, Graduate School of Advanced Science and Technology, Japan Advanced Institute of Science and Technology). IS-RR-2016, pp. 1–16 (2016)

    Google Scholar 

  2. Caballero, A.: Security Education, Training, and Awareness. Elsevier, Amsterdam (2017)

    Book  Google Scholar 

  3. Becker, K.: Choosing and Using Digital Games in the Classroom – A Practical Guide. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-12223-6

    Book  Google Scholar 

  4. Berger, H., Jones, A.: Cyber security & ethical hacking for SMEs. In: ACM International Conference Proceeding Series. Part F1305 (2016)

    Google Scholar 

  5. Schiaffino, S., Amandi, A.: Intelligent user profiling. In: Bramer, M. (ed.) Artificial Intelligence An International Perspective. LNCS (LNAI), vol. 5640, pp. 193–216. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03226-4_11

    Chapter  Google Scholar 

  6. Liegle, J.O., Woo, H.-G.: Developing adaptive intelligent tutoring systems: a general framework and its implementations. In: Proceedings of 2001 Informing Science Conference, pp. 392–397 (2001)

    Google Scholar 

  7. Sottilare, R.A., Brawner, K.W., Sinatra, A.M., Johnston, J.H.: An updated concept for a generalized intelligent framework for tutoring (GIFT). GIFTtutoring.org. pp. 1–19 (2017)

    Google Scholar 

  8. Hendrix, M., Al-Sherbaz, A., Bloom, V.: Game based cyber security training: are serious games suitable for cyber security training? Int. J. Serious Games. 3, 53–61 (2016)

    Article  Google Scholar 

  9. Mora, A., Riera, D., Gonzalez, C., Arnedo-Moreno, J.: A literature review of gamification design frameworks. In: VS-Games 2015 - 7th International Conference on Games and Virtual Worlds for Serious Applications (2015)

    Google Scholar 

  10. Gonzalez, H., Llamas, R., Ordaz, F.: Cybersecurity teaching through gamification: aligning training resources to our syllabus. Res. Comput. Sci. 146, 35–43 (2017)

    Article  Google Scholar 

  11. Beltran, M., Calvo, M., Gonzalez, S.: Experiences using capture the flag competitions to introduce gamification in undergraduate computer security labs. In: Proceedings - 2018 International Conference on Computational Science and Computational Intelligence, CSCI 2018, pp. 574–579 (2018)

    Google Scholar 

  12. Bada, M., Creese, S., Goldsmith, M., Mitchell, C., Phillips, E.: Improving the effectiveness of CSIRTs, vol. 42 (2014)

    Google Scholar 

  13. Olusegun, S.: Constructivism learning theory: a paradigm for teaching and learning. IOSR J. Res. Method Educ. 5, 2320–7388 (2015). Ver. I

    Google Scholar 

  14. Bereiter, C.: Constructivism, socioculturalism, and Popper’s world 3. Educ. Res. 23, 21–23 (2015)

    Article  Google Scholar 

  15. von Glasersfeld, E.: Cognition, construction of knowledge, and teaching. Synthese 80, 121–140 (1989)

    Article  Google Scholar 

  16. von Glasersfeld, E.: A Constructivist Approach to Teaching. In: Steffe, L.P., Gale, J. (eds.) Constructivism in Education, pp. 3–15. Lawrence Erlbaum Associates Publishers, NJ (1995). ISBN-13 978-0805810950

    Google Scholar 

  17. Chen, C.: A constructivist approach to teaching: implications in teaching computer networking. Inf. Technol. Learn. Perform. J. 21, 17–27 (2003)

    Google Scholar 

  18. Steffe, L.P., Thompson, P.W.: Steffe, L.P., Thompson, P.W.: Teaching experiment methodology: underlying principles and essential elements. In: Lesh, R., Kelly, A.E. (eds.) Research Design in Mathematics and Science Education, pp. 267–307. Erlbaum, Hillsdale (2000)

    Google Scholar 

  19. Tam, M.: Constructivism, instructional design, and technology: implications for transforming distance learning. J. Educ. Technol. Soc. 3(2), 50–60 (2000)

    Google Scholar 

  20. Vygotsky, L.S.: Interaction between learning and development. Read. Dev. Child. 23, 34–41 (1978)

    Google Scholar 

  21. Crawford, K.: Vygotskian approaches to human development in the information era. Educ. Stud. Math. 31, 43–62 (1978)

    Article  Google Scholar 

  22. Leaning, M.: A study of the use of games and gamification to enhance student engagement, experience and achievement on a theory-based course of an undergraduate media degree. J. Media Pract. 16, 155–170 (2015)

    Article  Google Scholar 

  23. Zichermann, G., Cunningham, C.: Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps. O’Reilly Media Inc., Newton (2011)

    Google Scholar 

  24. Deterding, S., O’Hara, K., Sicart, M., Dixon, D., Nacke, L.: Gamification: using game design elements in non-gaming contexts. In: Conference on Human Factors in Computing Systems – Proceedings, pp. 2425–2428 (2011)

    Google Scholar 

  25. Yang, Y.: Three questions to ask before you embark on gamification. eLearn 2014, 4 (2014)

    Article  Google Scholar 

  26. Laamarti, F., Eid, M., El Saddik, A.: An overview of serious games. Int. J. Comput. Games Technol. 2014, 15 (2014). https://doi.org/10.1155/2014/358152. Article ID 358152

  27. Chou, Y.: Actionable Gamification: Beyond Points, Badges, and Leaderboards. Packt Publishing Ltd., Birmingham (2015)

    Google Scholar 

  28. de Freitas, S., Oliver, M.: How can exploratory learning with games and simulations within the curriculum be most effectively evaluated? Comput. Educ. 46, 249–264 (2006)

    Article  Google Scholar 

  29. Dondi, C., Moretti, M.: Quality in eLearning and quality of learning games. In: Digital Game Based Learning: Proceedings of the 4th International Symposium for Information Design, June 2 2005. Stuttgart Media University (2006)

    Google Scholar 

  30. Kim, B., By, V., Jackson, R., Karp, J., Patrick, E., Thrower, A.: Social constructivism social constructivism emphasizes the importance of culture and context in understanding what occurs in. Emerging Perspectives on Learning, Teaching and Technology (2006)

    Google Scholar 

  31. Kalina, C., Powell, K.C.: Cognitive and social constructivism: developing tools for an effective classroom. Education 130(2), 241–250 (2009)

    Google Scholar 

  32. Chaiklin, S.: The zone of proximal development in Vygotsky’s analysis of learning and instruction. Vygotsky’s Educ. Theory Cult. Context 1(2), 39–64 (2003)

    Article  Google Scholar 

  33. Chan, S.C.H., Wan, J.C.L., Ko, S.: Interactivity, active collaborative learning, and learning performance: the moderating role of perceived fun by using personal response systems. Int. J. Manag. Educ. 17, 94–102 (2019)

    Article  Google Scholar 

  34. de Freitas, S., Rebolledo-Mendez, G., Liarokapis, F., Magoulas, G., Poulovassilis, A.: Learning as immersive experiences: using the four-dimensional framework for designing and evaluating immersive learning experiences in a virtual world. Br. J. Educ. Technol. 41, 69–85 (2010)

    Article  Google Scholar 

  35. Facer, K., Joiner, R., Stanton, D., Reid, J., Hull, R., Kirk, D.: Savannah: mobile gaming and learning? J. Comput. Assist. Learn. 20, 399–409 (2004)

    Article  Google Scholar 

  36. Cone, B.D., Irvine, C.E., Thompson, M.F., Nguyen, T.D.: A video game for cyber security training and awareness. Comput. Secur. 26, 63–72 (2007)

    Article  Google Scholar 

  37. Zeissig, E.M., Lidynia, C., Vervier, L., Gadeib, A., Ziefle, M.: Online privacy perceptions of older adults. In: International Conference on Human Aspects of IT for the Aged Population (2017)

    Google Scholar 

  38. Trepte, S., et al.: Reforming european data protection law (2015)

    Google Scholar 

  39. Correia, J., Compeau, D.: Information privacy awareness (IPA): a review of the use, definition and measurement of IPA. In: Proceedings of the 50th Hawaii International Conference on System Sciences, pp. 4021–4030 (2017)

    Google Scholar 

  40. Schreuders, Z.C., Shaw, T., Shan-A-Khuda, M., Ravichandran, G., Keigh-ley, J., Ordean, M.: Security scenario generator (SecGen): a framework for generating randomly vulnerable rich-scenario VMs for learning computer security and hosting CTF events. In: ASE 2017 (2017)

    Google Scholar 

  41. Noor Azam, M.H., Beuran, R.B.: Usability evaluation of open source and online capture the flag platforms. Informe de investigación (Escuela de Ciencias de la Información, Escuela Superior de Ciencia y Tecnología, Instituto Avanzado de Ciencia y Tecnología de Japón). IS-RR-2018 (2018)

    Google Scholar 

  42. Ford, V., Siraj, A., Haynes, A., Brown, E.: Capture the flag unplugged: an offline cyber competition. In: Proceedings of the Conference on Integrating Technology into Computer Science Education, ITiCSE, pp. 225–230 (2017)

    Google Scholar 

  43. Pham, C., Tang, D., Chinen, K., Beuran, R.: CyRIS: a cyber range instantiation system for facilitating security training, pp. 251–258 (2016)

    Google Scholar 

  44. Beuran, R., Pham, C., Tang, D., Chinen, K.I, Tan, Y., Shinoda, Y.: Cytrone: an integrated cybersecurity training framework. In: ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy, January 2017, pp. 157–166 (2017)

    Google Scholar 

  45. Thomps, M., Irvine, C.: Active learning with the CyberCIEGE video game. In: 4th Workshop on Cyber Security Experimentation and Test, CSET 2011, pp. 1–8 (2011)

    Google Scholar 

  46. Denning, T., Lerner, A., Shostack, A., Kohno, T.: Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 915–928 (2013)

    Google Scholar 

  47. Denning, T., Shostack, A., Kohno, T.: Practical lessons from creating the Control-Alt-Hack Card game and research challenges for games in education and research. In: Usenix (2014)

    Google Scholar 

  48. Mirkovic, J., Dark, M., Du, W., Vigna, G., Denning, T.: Evaluating cybersecurity education interventions: three case studies. IEEE Secur. Priv. 13, 63–69 (2015)

    Article  Google Scholar 

  49. Gondree, M., Peterson, Z.N.J.: Valuing security by getting [d0x3d!] experiences with a network security board game. In: 6th Workshop on Cyber Security Experimentation and Test, CSET 2013 (2013)

    Google Scholar 

  50. Flushman, T.R., Gondree, M., Peterson, Z.N.J.: This is not a game: early observations on using alternate reality games for teaching security concepts to first-year undergraduates. In: 8th Workshop on Cyber Security Experimentation and Test, CSET 2015 (2015)

    Google Scholar 

  51. Gondree, M., Peterson, Z.N.J., Denning, T.: Security through play. IEEE Secur. Priv. 11, 64–67 (2013)

    Article  Google Scholar 

  52. Shostack, A.: Elevation of privilege: drawing developers into threat modeling. In: USENIX Summit on Gaming, Games, and Gamification in Security Education, pp. 1–15 (2014)

    Google Scholar 

  53. Thompson, M., Takabi, H.: Effectiveness of using card games to teach threat modeling for secure web application developments. Issues Inf. Syst. 17, 244–253 (2016)

    Google Scholar 

  54. Hart, S., Margheri, A., Paci, F., Sassone, V.: Riskio: a serious game for cyber security awareness and education. Comput. Secur. 95, 101827 (2020)

    Article  Google Scholar 

  55. Mcdonald, J., et al.: Designing authentic cybersecurity learning experiences: lessons from the cybermatics playable case study. In: Proceedings of the 52nd Hawaii International Conference on System Sciences, vol. 6, pp. 2507–2516 (2019)

    Google Scholar 

  56. Wiemker, M., Elumir, E., Clare, A.: Escape room games: can you transform an unpleasant situation into a pleasant one? Game Learn. 55, 55–68 (2015)

    Google Scholar 

  57. Clarke, S.J., Peel, D.J., Arnab, S., Morini, L., Keegan, H., Wood, O.: EscapED: a framework for creating educational escape rooms and interactive games to for higher/further education. Int. J. Serious Games 4, 73–86 (2017)

    Article  Google Scholar 

  58. Nicholson, S.: Creating engaging escape rooms for the classroom. Child. Educ. 94, 44–49 (2018)

    Article  Google Scholar 

  59. Mcgonigal, J.: Reality is broken: why games make us better and how they can change the world. Penguin 10, 51–73 (2011)

    Google Scholar 

  60. Blohm, I., Leimeister, J.M.: Gamification: design of IT-based enhancing services for motivational support and behavioral change. Bus. Inf. Syst. Eng. 5, 275–278 (2013)

    Article  Google Scholar 

  61. Borrego, C., Fernández, C., Blanes, I., Robles, S.: Room escape at class: escape games activities to facilitate the motivation and learning in computer science. J. Technol. Sci. Educ. 7, 162–171 (2017)

    Article  Google Scholar 

  62. Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)

    Article  Google Scholar 

  63. Pötzsch, S.: Privacy awareness: a means to solve the privacy paradox? In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) Privacy and Identity 2008. IAICT, vol. 298, pp. 226–236. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03315-5_17

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, Ionian University, Plateia Tsirigoti 7, 49100, Corfu, Greece

    Stylianos Karagiannis, Thanos Papaioannou, Emmanouil Magkos & Aggeliki Tsohou

  2. Beyond Vision, 3830-352, Ílhavo, Portugal

    Stylianos Karagiannis

  3. PDMFC, 1300-609, Lisboa, Portugal

    Thanos Papaioannou

Authors
  1. Stylianos Karagiannis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thanos Papaioannou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emmanouil Magkos
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aggeliki Tsohou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stylianos Karagiannis .

Editor information

Editors and Affiliations

  1. Department of Digital Innovation, School of Business, University of Nicosia, Nicosia, Cyprus

    Marinos Themistocleous

  2. British University in Dubai, Dubai, United Arab Emirates

    Maria Papadaki

  3. School of Strategy and Leadership, Coventry University, Coventry, UK

    Muhammad Mustafa Kamal

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Karagiannis, S., Papaioannou, T., Magkos, E., Tsohou, A. (2020). Game-Based Information Security/Privacy Education and Awareness: Theory and Practice. In: Themistocleous, M., Papadaki, M., Kamal, M.M. (eds) Information Systems. EMCIS 2020. Lecture Notes in Business Information Processing, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-63396-7_34

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-63396-7_34

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63395-0

  • Online ISBN: 978-3-030-63396-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation