Game-based Learning Applications in Cyber Security Education
When it comes to securely interacting with IT systems and the Internet, today's end-users apply various security practices with different levels of conscientiousness. Often they obtain informal knowledge about how to behave securely by friends, family or online. Especially when users are not technically savvy, a proper knowledge and competence level cannot be assumed. Among experts, opinions on what practices to follow and how to behave also vary and the information available online is not consistent. Well-known examples are advice on how to choose passwords or when to trust websites. Finally, these differences in security practices often discourage users and the long-term interest in good security practices is insufficient, which results in users not following security practices properly.
In educational contexts security, privacy and related topics are delivered in computer science classes or via other subjects. Curricular recommendations may contain relevant practices and knowledge but the way of delivery is up to the instructors. A key aspect when it comes to security practices is to keep the motivation and interest of users up, while delivering sufficient knowledge such that users can adapt the knowledge to their own behaviour and reflect. Also, the transfer to new technologies with the development of smart homes and pervasive computing is an important objective.
My research lies in the field of game-based learning and serious games in the context of cyber security education. In recent years, serious games gained increasing attention due to their potential of improving motivation and engagement of learners. Also, new technologies, such as multitouch displays and mobile devices, are interesting for use in education. While there are various small games to educate about cyber threats and security awareness in the corporate world, less applications or games can be found for educational contexts or daily life. One challenge of my research lies in the determination of suitable content, which allows learners to gain proper knowledge about security of IT systems and in the Internet and enable them to risk-aware behaviour. Another challenge will then be to incorporate the learning content into game-based applications with a possible focus on multitouch technology and/or mobile devices.