Purpose Computer games that teach cybersecurity concepts have been developed to help both individuals and organizations shore up their defence against cybercrimes. Evidence of the effectiveness of these games has been rather weak, however. This paper aims to guide the design and testing of more effective cybersecurity educational games by developing a theoretical framework. Design/methodology/approach A review of the literature is conducted to explore the dependent variable of this research stream, learning outcomes and its relationship with four independent variables, game characteristics, game context, learning theory and user characteristics. Findings The dependent variable can be measured by five learning outcomes: information, content, strategic knowledge, eagerness to learn/time spent and behavioral change. Game characteristics refer to features that contribute to a game’s usefulness, interactivity, playfulness or attractiveness. Game context pertains to factors that determine how a game is used, including the target audience, the skill involved and the story. Learning theory explains how learning takes place and can be classified as behaviorism, cognitivism, humanism, social learning or constructivism. User characteristics including gender, age, computer experience, knowledge and perception, are attributes that can impact users’ susceptibility to cybercrimes and hence learning outcomes. Originality/value The framework facilitates taking stock of past research and guiding future research. The use of the framework is illustrated in a critique of two research streams. Multiple research directions are discussed for continued research into the design and testing of next-generation cybersecurity computer games.
An earlier version of this paper was presented at the 2011 IEEE International Symposium on Technology and Society (ISTAS) at Saint Xavier University in Chicago, Illinois (and printed in the 2011 ISTAS proceedings). The focus of this paper is to present observations related to information assurance (IA) in rural and urban populations. Based on our experience teaching college students in these environments, we have noted that on entering school, generally, individuals demonstrate limited background knowledge of a variety of computer related technologies. Students begin with a technical disadvantage that represents a readily exploitable attack vector for identity thieves . Because of the experience deficit, the hazard of identity theft is significant with possible severe detrimental outcomes for the student victim. In addition, the negative impact on the society as a whole is substantial. Methods that reach beyond traditional formal computer or network security instruction in the classroom and extend information assurance education across disciplines are needed. We have explored this direction at the university and have worked on strategies to educate students about identity theft . The interdisciplinary programs outlined here span the curriculum. In addition, we suggest community outreach programs that extend the scope of influence of information assurance education beyond the university to include surrounding at risk populations.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.