Research

Cybersecurity educational games:a theoretical framework

Cybersecurity educational games: a theoretical framework

Cybersecurity educational games: a theoretical framework

Cybersecurity educational games:a theoretical framework

By Mark I Hwang and Susan Helser

Abstract

“Purpose – Computer games that teach cybersecurity concepts have been developed to help both individualsand organizations shore up their defence against cybercrimes. Evidence of the effectiveness of these gameshas been rather weak, however. This paper aims to guide the design and testing of more effectivecybersecurity educational games by developing a theoretical framework. Design/methodology/approach – A review of the literature is conducted to explore the dependentvariable of this research stream, learning outcomes and its relationship with four independent variables, amecharacteristics, game context, learning theory and user characteristics. Findings – The dependent variable can be measured by five learning outcomes: information, content,strategic knowledge, eagerness to learn/time spent and behavioral change. Game characteristics refer tofeatures that contribute to a game’s usefulness, interactivity, playfulness or attractiveness. Game contextpertains to factors that determine how a game is used, including the target audience, the skill involved and thestory. Learning theory explains how learning takes place and can be classified as behaviorism, cognitivism,humanism, social learning or constructivism. User characteristics including gender, age, computer experience,knowledge and perception, are attributes that can impact users’ susceptibility to cybercrimes and hencelearning outcomes.

Reference

Hwang, M., &Helser, S. (2020, October). Cybersecurity educational games: A theoretical framework. Retrieved January 24, 2022, from https://www.emerald.com/insight/content/doi/10.1108/ICS-10-2020-0173/full/html

Keyword

Cybercrime, phishing, computer-based learning, serious games, human behavior, information systems, information security, computer security, information security modeling, training, computer crime, research