The purpose of this paper is to explore the notion of formative design in the context of the design, development, implementation, and evaluation of a collectible card game (CCG) for teaching cybersecurity to middle school students. The approach involved a formative design approach, educational design research (EDR) that evolved from design-based research and design experiments commonly employed in fields such as the learning sciences, educational technology, and instructional design. The authors assert that the EDR process used to design an educational CCG is an effective approach for formative learning game design work. Keywords Cybersecurity. Educational design research. Design based research. Collectible card games The information age has an Achilles heel. Governments and enterprise organizations greatly rely upon computer systems and networks for their ability to exchange information and support decision processes. However, this digital infrastructure is also vulnerable to attacks by criminals, foreign nations, hackers, and disgruntled employees. In 2015, the Government Accountability Office reported that the number of security incidents related to federal agencies increased from approximately 5503 in 2006 to 67,168 in 2014, a more than tenfold increase (Wilshusen 2015). A recent annual analysis by the Ponemon Institute of 245 companies in seven countries found that the average cost of cybercrime to a company was $11.7 million per year, with a maximum cost of over $77.1 million (Ponemon Institute 2017). Cybersecurity attacks have become a common occurrence causing profound damage. As we become more reliant on cyberinfrastructure, we also become more vulnerable to cyberattack. While in office, President Barack Obama identified cybersecurity as one of the USA's most serious economic and national security challenges, but one that we are not adequately prepared to counter (Obama 2014). Shortly after taking office, President Obama ordered a review of federal efforts to deal with the problem of defending the US information infrastructure and to develop a comprehensive approach for meeting current and future cybersecurity threats (Unites States Department of Homeland Security 2011; United States Executive Office of the President 2011). In 2015, President Obama emphasized the importance of not only dealing with cybersecurity threats but also focusing on protecting children as part of this effort. He stated, BNo foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids^(Obama 2015). The events surrounding the 2016 US presidential election demonstrate the urgent need for the development of cybersecurity expertise and for better and stronger cybersecurity systems. On May 11, 2017, President Trump issued an executive order on BStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure,^which included a call for various sectors of the government to: B…assess the scope and sufficiency of efforts to educa...
