Abstract
This paper reviews and assesses classical and novel methods and tools towards engaging students and workforce in the concepts of information security and privacy. We investigate the theoretical basis for deploying a game-based approach for security/privacy learning and awareness, and assess state-of-the-art tools and methods that could be used as part of a challenge-based or game-based framework for learning, including serious games, CTF platforms, escape rooms, puzzle/interactive books and Alternate Reality Games (ARGs), while also identifying key-elements and important aspects that should be taken into consideration when designing a security and privacy learning/awareness program. For each of the above approaches and tools’ categories, we highlight their potential for using them for education and awareness of information security and privacy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Beuran, R., Chinen, K., Tan, Y., Shinoda, Y.: Towards effective cybersecurity education and training. Research report (School of Information Science, Graduate School of Advanced Science and Technology, Japan Advanced Institute of Science and Technology). IS-RR-2016, pp. 1–16 (2016)
Caballero, A.: Security Education, Training, and Awareness. Elsevier, Amsterdam (2017)
Becker, K.: Choosing and Using Digital Games in the Classroom – A Practical Guide. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-12223-6
Berger, H., Jones, A.: Cyber security & ethical hacking for SMEs. In: ACM International Conference Proceeding Series. Part F1305 (2016)
Schiaffino, S., Amandi, A.: Intelligent user profiling. In: Bramer, M. (ed.) Artificial Intelligence An International Perspective. LNCS (LNAI), vol. 5640, pp. 193–216. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03226-4_11
Liegle, J.O., Woo, H.-G.: Developing adaptive intelligent tutoring systems: a general framework and its implementations. In: Proceedings of 2001 Informing Science Conference, pp. 392–397 (2001)
Sottilare, R.A., Brawner, K.W., Sinatra, A.M., Johnston, J.H.: An updated concept for a generalized intelligent framework for tutoring (GIFT). GIFTtutoring.org. pp. 1–19 (2017)
Hendrix, M., Al-Sherbaz, A., Bloom, V.: Game based cyber security training: are serious games suitable for cyber security training? Int. J. Serious Games. 3, 53–61 (2016)
Mora, A., Riera, D., Gonzalez, C., Arnedo-Moreno, J.: A literature review of gamification design frameworks. In: VS-Games 2015 - 7th International Conference on Games and Virtual Worlds for Serious Applications (2015)
Gonzalez, H., Llamas, R., Ordaz, F.: Cybersecurity teaching through gamification: aligning training resources to our syllabus. Res. Comput. Sci. 146, 35–43 (2017)
Beltran, M., Calvo, M., Gonzalez, S.: Experiences using capture the flag competitions to introduce gamification in undergraduate computer security labs. In: Proceedings - 2018 International Conference on Computational Science and Computational Intelligence, CSCI 2018, pp. 574–579 (2018)
Bada, M., Creese, S., Goldsmith, M., Mitchell, C., Phillips, E.: Improving the effectiveness of CSIRTs, vol. 42 (2014)
Olusegun, S.: Constructivism learning theory: a paradigm for teaching and learning. IOSR J. Res. Method Educ. 5, 2320–7388 (2015). Ver. I
Bereiter, C.: Constructivism, socioculturalism, and Popper’s world 3. Educ. Res. 23, 21–23 (2015)
von Glasersfeld, E.: Cognition, construction of knowledge, and teaching. Synthese 80, 121–140 (1989)
von Glasersfeld, E.: A Constructivist Approach to Teaching. In: Steffe, L.P., Gale, J. (eds.) Constructivism in Education, pp. 3–15. Lawrence Erlbaum Associates Publishers, NJ (1995). ISBN-13 978-0805810950
Chen, C.: A constructivist approach to teaching: implications in teaching computer networking. Inf. Technol. Learn. Perform. J. 21, 17–27 (2003)
Steffe, L.P., Thompson, P.W.: Steffe, L.P., Thompson, P.W.: Teaching experiment methodology: underlying principles and essential elements. In: Lesh, R., Kelly, A.E. (eds.) Research Design in Mathematics and Science Education, pp. 267–307. Erlbaum, Hillsdale (2000)
Tam, M.: Constructivism, instructional design, and technology: implications for transforming distance learning. J. Educ. Technol. Soc. 3(2), 50–60 (2000)
Vygotsky, L.S.: Interaction between learning and development. Read. Dev. Child. 23, 34–41 (1978)
Crawford, K.: Vygotskian approaches to human development in the information era. Educ. Stud. Math. 31, 43–62 (1978)
Leaning, M.: A study of the use of games and gamification to enhance student engagement, experience and achievement on a theory-based course of an undergraduate media degree. J. Media Pract. 16, 155–170 (2015)
Zichermann, G., Cunningham, C.: Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps. O’Reilly Media Inc., Newton (2011)
Deterding, S., O’Hara, K., Sicart, M., Dixon, D., Nacke, L.: Gamification: using game design elements in non-gaming contexts. In: Conference on Human Factors in Computing Systems – Proceedings, pp. 2425–2428 (2011)
Yang, Y.: Three questions to ask before you embark on gamification. eLearn 2014, 4 (2014)
Laamarti, F., Eid, M., El Saddik, A.: An overview of serious games. Int. J. Comput. Games Technol. 2014, 15 (2014). https://doi.org/10.1155/2014/358152. Article ID 358152
Chou, Y.: Actionable Gamification: Beyond Points, Badges, and Leaderboards. Packt Publishing Ltd., Birmingham (2015)
de Freitas, S., Oliver, M.: How can exploratory learning with games and simulations within the curriculum be most effectively evaluated? Comput. Educ. 46, 249–264 (2006)
Dondi, C., Moretti, M.: Quality in eLearning and quality of learning games. In: Digital Game Based Learning: Proceedings of the 4th International Symposium for Information Design, June 2 2005. Stuttgart Media University (2006)
Kim, B., By, V., Jackson, R., Karp, J., Patrick, E., Thrower, A.: Social constructivism social constructivism emphasizes the importance of culture and context in understanding what occurs in. Emerging Perspectives on Learning, Teaching and Technology (2006)
Kalina, C., Powell, K.C.: Cognitive and social constructivism: developing tools for an effective classroom. Education 130(2), 241–250 (2009)
Chaiklin, S.: The zone of proximal development in Vygotsky’s analysis of learning and instruction. Vygotsky’s Educ. Theory Cult. Context 1(2), 39–64 (2003)
Chan, S.C.H., Wan, J.C.L., Ko, S.: Interactivity, active collaborative learning, and learning performance: the moderating role of perceived fun by using personal response systems. Int. J. Manag. Educ. 17, 94–102 (2019)
de Freitas, S., Rebolledo-Mendez, G., Liarokapis, F., Magoulas, G., Poulovassilis, A.: Learning as immersive experiences: using the four-dimensional framework for designing and evaluating immersive learning experiences in a virtual world. Br. J. Educ. Technol. 41, 69–85 (2010)
Facer, K., Joiner, R., Stanton, D., Reid, J., Hull, R., Kirk, D.: Savannah: mobile gaming and learning? J. Comput. Assist. Learn. 20, 399–409 (2004)
Cone, B.D., Irvine, C.E., Thompson, M.F., Nguyen, T.D.: A video game for cyber security training and awareness. Comput. Secur. 26, 63–72 (2007)
Zeissig, E.M., Lidynia, C., Vervier, L., Gadeib, A., Ziefle, M.: Online privacy perceptions of older adults. In: International Conference on Human Aspects of IT for the Aged Population (2017)
Trepte, S., et al.: Reforming european data protection law (2015)
Correia, J., Compeau, D.: Information privacy awareness (IPA): a review of the use, definition and measurement of IPA. In: Proceedings of the 50th Hawaii International Conference on System Sciences, pp. 4021–4030 (2017)
Schreuders, Z.C., Shaw, T., Shan-A-Khuda, M., Ravichandran, G., Keigh-ley, J., Ordean, M.: Security scenario generator (SecGen): a framework for generating randomly vulnerable rich-scenario VMs for learning computer security and hosting CTF events. In: ASE 2017 (2017)
Noor Azam, M.H., Beuran, R.B.: Usability evaluation of open source and online capture the flag platforms. Informe de investigación (Escuela de Ciencias de la Información, Escuela Superior de Ciencia y Tecnología, Instituto Avanzado de Ciencia y Tecnología de Japón). IS-RR-2018 (2018)
Ford, V., Siraj, A., Haynes, A., Brown, E.: Capture the flag unplugged: an offline cyber competition. In: Proceedings of the Conference on Integrating Technology into Computer Science Education, ITiCSE, pp. 225–230 (2017)
Pham, C., Tang, D., Chinen, K., Beuran, R.: CyRIS: a cyber range instantiation system for facilitating security training, pp. 251–258 (2016)
Beuran, R., Pham, C., Tang, D., Chinen, K.I, Tan, Y., Shinoda, Y.: Cytrone: an integrated cybersecurity training framework. In: ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy, January 2017, pp. 157–166 (2017)
Thomps, M., Irvine, C.: Active learning with the CyberCIEGE video game. In: 4th Workshop on Cyber Security Experimentation and Test, CSET 2011, pp. 1–8 (2011)
Denning, T., Lerner, A., Shostack, A., Kohno, T.: Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 915–928 (2013)
Denning, T., Shostack, A., Kohno, T.: Practical lessons from creating the Control-Alt-Hack Card game and research challenges for games in education and research. In: Usenix (2014)
Mirkovic, J., Dark, M., Du, W., Vigna, G., Denning, T.: Evaluating cybersecurity education interventions: three case studies. IEEE Secur. Priv. 13, 63–69 (2015)
Gondree, M., Peterson, Z.N.J.: Valuing security by getting [d0x3d!] experiences with a network security board game. In: 6th Workshop on Cyber Security Experimentation and Test, CSET 2013 (2013)
Flushman, T.R., Gondree, M., Peterson, Z.N.J.: This is not a game: early observations on using alternate reality games for teaching security concepts to first-year undergraduates. In: 8th Workshop on Cyber Security Experimentation and Test, CSET 2015 (2015)
Gondree, M., Peterson, Z.N.J., Denning, T.: Security through play. IEEE Secur. Priv. 11, 64–67 (2013)
Shostack, A.: Elevation of privilege: drawing developers into threat modeling. In: USENIX Summit on Gaming, Games, and Gamification in Security Education, pp. 1–15 (2014)
Thompson, M., Takabi, H.: Effectiveness of using card games to teach threat modeling for secure web application developments. Issues Inf. Syst. 17, 244–253 (2016)
Hart, S., Margheri, A., Paci, F., Sassone, V.: Riskio: a serious game for cyber security awareness and education. Comput. Secur. 95, 101827 (2020)
Mcdonald, J., et al.: Designing authentic cybersecurity learning experiences: lessons from the cybermatics playable case study. In: Proceedings of the 52nd Hawaii International Conference on System Sciences, vol. 6, pp. 2507–2516 (2019)
Wiemker, M., Elumir, E., Clare, A.: Escape room games: can you transform an unpleasant situation into a pleasant one? Game Learn. 55, 55–68 (2015)
Clarke, S.J., Peel, D.J., Arnab, S., Morini, L., Keegan, H., Wood, O.: EscapED: a framework for creating educational escape rooms and interactive games to for higher/further education. Int. J. Serious Games 4, 73–86 (2017)
Nicholson, S.: Creating engaging escape rooms for the classroom. Child. Educ. 94, 44–49 (2018)
Mcgonigal, J.: Reality is broken: why games make us better and how they can change the world. Penguin 10, 51–73 (2011)
Blohm, I., Leimeister, J.M.: Gamification: design of IT-based enhancing services for motivational support and behavioral change. Bus. Inf. Syst. Eng. 5, 275–278 (2013)
Borrego, C., Fernández, C., Blanes, I., Robles, S.: Room escape at class: escape games activities to facilitate the motivation and learning in computer science. J. Technol. Sci. Educ. 7, 162–171 (2017)
Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)
Pötzsch, S.: Privacy awareness: a means to solve the privacy paradox? In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) Privacy and Identity 2008. IAICT, vol. 298, pp. 226–236. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03315-5_17
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Karagiannis, S., Papaioannou, T., Magkos, E., Tsohou, A. (2020). Game-Based Information Security/Privacy Education and Awareness: Theory and Practice. In: Themistocleous, M., Papadaki, M., Kamal, M.M. (eds) Information Systems. EMCIS 2020. Lecture Notes in Business Information Processing, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-63396-7_34
Download citation
DOI: https://doi.org/10.1007/978-3-030-63396-7_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63395-0
Online ISBN: 978-3-030-63396-7
eBook Packages: Computer ScienceComputer Science (R0)