Serious Games for IT-Security Education

In recent years, the notion of gamification has gained some interest within the scientific community. Gamification denotes the use of typical gaming mechanisms, like collecting points, reaching different levels or gaining a spot on a highscore list, in a non-gaming related context. One of the most important application areas of gamification is education, e. g. learning a foreign language or basic arithmetics. There have been, however, few attempts to use games for IT-Security education. The present paper will review the existing approaches in this area, present a serious game that has been produced at Stuttgart Media University on behalf of the swiss bank UBS, and will provide an outlook on planned further activities in this area

A game-based learning experience for improving cybersecurity awareness

The use of videogames is an established tool to train a systematic way of thinking that allows users to learn by gaming. In this paper, to address the increasing need of awareness in cybersecurity related issues, we present the realization of a Virtual Reality (VR) videogame targeted towards educating users in the context of cybersecurity

An exploratory study of mode efficacy in cybersecurity training

Cybersecurity capabilities in organizations and governmental agencies continue to lag behind the threats. Given the current environment, these entities have placed renewed emphasis on cybersecurity education. However, education appears to lack its full potential in most settings. Few empirical studies have systematically tested the efficacy of various training methods and modes, and those that have been conducted have yielded inconsistent findings. Recent literature on the use of gamified simulations have suggested that they may improve cybersecurity behaviors. Similarly, live activities such as hackathons and capture the flag events have been surmised to augment learning and capabilities. We conducted an exploratory study of these compared to a traditional classroom/laboratory approach to assess the applied behavioral contribution of each. We found that a combination of simulations with live activities in conjunction with classroom study produced the best outcomes

Cyberwarfare in the Korean Peninsula: Asymmetries and Strategic Responses

In this paper, we argue that the two Koreas’ intentions and actions on the cyber front point toward the possibility that they have engaged in cyber warfare against each other. From South Korea’s standpoint, a key concern has been North Korea’s advanced cyber warfare capabilities and alleged involvement of its substantial workforce in the Internet’s dark side activities. These issues need to be looked at the backdrop of the North’s nuclear and ballistic missile capabilities. This paper draws principally upon theories and concepts from military strategy and warfare to examine the contexts, mechanisms, and processes associated with the cyber warfare in the Korean peninsula. We also compare the two Koreas in terms of various forms of asymmetries in cyber warfare and cyber attacks. Also highlighted in the paper are South Korea’s recent initiatives and actions to enhance cyber-offense and cyber-defense capabilities

Using a Game to Improve Phishing Awareness

Cybersecurity education has become increasingly critical as we spend more of our everyday lives online. Research shows that college students are mostly unaware of the many online dangers. To teach students about cybersecurity using their preferred medium, gaming, we developed an educational 2D game called “Bird’s Life” that aims to teach college students, as well as general interest individuals, about phishing. Players will come to understand phishing attacks and how to avoid them in real-world scenarios through a fun gaming context. The game can be deployed to multiple platforms such as PC, web, and mobile devices. To measure the effect of this game on learning the concepts of cybersecurity, a pre-test, post-test, and online survey were developed and used in the evaluation process. In Spring 2017, the Windows version of the game was used in two courses in our department (CSC1310 Computer Programming I and CSC3332 Fundamentals of Internet Systems). In Spring 2018, it was used in five sections of one general education course (CSC1306 Computer and Its Use I)

Wargames as Data: Addressing the Wargamer's Trilemma

Policymakers often want the very best data with which to make decisions--particularly when concerned with questions of national and international security. But what happens when this data is not available? In those instances, analysts have come to rely on synthetic data-generating processes--turning to modeling and simulation tools and survey experiments among other methods. In the cyber domain, where empirical data at the strategic level are limited, this is no different--cyber wargames are quickly becoming a principal method for both exploring and analyzing the security challenges posed by state and non-state actors in cyberspace. In this chapter, we examine the design decisions associated with this method.Comment: 3 figure

Gamification of Cyber Security Awareness : A Systematic Review of Games

The frequency and severity of cyber-attacks have increased over the years with damaging consequences such as financial loss, reputational damage, and loss of sensitive data. Most of these attacks can be attributed to user error. To minimize these errors, cyber security awareness training is conducted to improve user awareness. Cyber security awareness training that is engaging, fun, and motivating is required to ensure that the awareness message gets through to users. Gamification is one such method by which cyber security awareness training can be made fun, engaging, and motivating. This thesis presents the state of the art of games used in cyber security awareness. In this regard, a systematic review of games following PRISMA guidelines was conducted on the relevant papers published between 2010 to 2021. The games were analyzed based on their purpose, cyber security topics taught, target audience, deployment methods, game genres implemented and learning mechanics applied. Analysis of these games revealed that cyber security awareness games are mostly deployed as computer games, targeted at the general public to create awareness in a wide range of cyber security topics. Most of the games implement the role-playing genre and apply demonstration learning mechanics to deliver their cyber security awareness message effectively