Abstract. The world around us is digitalising fast and internet is almost everywhere, which makes cyber security an inevitable part of our lives. This thesis explored if capture-the-flag (CTF) games are viable solution to teaching cyber security. Research method used was a narrative literature review. 16 academic sources were reviewed, nine of which used quantitative research methods.
Prior research showed that capture-the-flag games had a positive impact on participants’ motivation and engagement levels. In some studies, capture-the-flag games were found to lead to statistically better learning results and better understanding of computer security. Other resulting advantages were better practical knowledge in cyber security, increased grades and increased confidence in cyber security skills.
Organising such games was found to be a challenging job and consequently, knowledge is required from both organisers and participants of capture-the-flag games. Capture-the-flag game environments are complex and support staff is needed in organising such games. Designing the challenges to be appropriately challenging was found to be a difficult task and a related problem was challenge avoidance. Quality assurance was found to be an important, but often overlooked part of the design process.
In some papers, plagiarism was mentioned being a trouble. Automated approval of flag submissions in the games could lead to students illicitly sharing flags. Besides plagiarism, other ethical implications of teaching offensive computer security methods were a concern to many authors, but no quantitative research on this topic has so far been conducted
