Use of Serious Games to Incorporate Security Awareness Programs with Skills Training

Abstract

The purpose of this study is to determine the possibility of addressing the shortcoming of Security Awareness training in providing Skills training. The study will also determine if it is possible to create a Serious Game that will provide Skills training. There is a constant increase in cybersecurity attacks. Now, security training is limited to Security Awareness training, which does not provide Skills training. Security Awareness training also lacks motivation elements that can make training more palatable and engaging for individuals. This study will also investigate if Serious Games can help target training towards organizational goals. Most Security Awareness training is administered annually and cannot be changed to meet specific organizational requirements or emerging security threats.

This study begins with the introduction Information Security and the problems that organizations face regarding addressing security threats. Justification for the study is also addressed. The theories and components that will be included in the Serious Game will be included in the Background chapter. The Related work chapter will investigate other resources, how they address the challenges in security risk and game theory and what can be done to address the limitations that were faced in those studies. The Methodology chapter describes the requirements and steps necessary to produce a Serious Game artifact that conveys Information Security concepts and skills in an engaging manner. The Artifact chapter describes the artifact that is the result of the Methodology and a description of what the Serious Game consists of.

There has been progress with Security Awareness training, but little that involves Skills training. There has been little progress with motivating individuals to engage in security training. Further, evaluating the effectiveness of Security Awareness training is limited to post-training tests that only require memorizing parts of the training. These evaluations do not test the effectiveness of the training. The training is not adaptable to organizational needs, which also renders the training less effective. The evaluation of the Serious Game showed that it was effective in providing Skills training and in motivating players. Serious Game can be employed to teach skills and motivate individuals to engage in training. The game can also be adapted to organizational goals and updated as required by an organization.

The purpose of this study is to determine the possibility of addressing the shortcoming of Security Awareness training in providing Skills training. The study will also determine if it is possible to create a Serious Game that will provide Skills training. There is a constant increase in cybersecurity attacks. Now, security training is limited to Security Awareness training, which does not provide Skills training. Security Awareness training also lacks motivation elements that can make training more palatable and engaging for individuals. This study will also investigate if Serious Games can help target training towards organizational goals. Most Security Awareness training is administered annually and cannot be changed to meet specific organizational requirements or emerging security threats.

This study begins with the introduction Information Security and the problems that organizations face regarding addressing security threats. Justification for the study is also addressed. The theories and components that will be included in the Serious Game will be included in the Background chapter. The Related work chapter will investigate other resources, how they address the challenges in security risk and game theory and what can be done to address the limitations that were faced in those studies. The Methodology chapter describes the requirements and steps necessary to produce a Serious Game artifact that conveys Information Security concepts and skills in an engaging manner. The Artifact chapter describes the artifact that is the result of the Methodology and a description of what the Serious Game consists of.

There has been progress with Security Awareness training, but little that involves Skills training. There has been little progress with motivating individuals to engage in security training. Further, evaluating the effectiveness of Security Awareness training is limited to post-training tests that only require memorizing parts of the training. These evaluations do not test the effectiveness of the training. The training is not adaptable to organizational needs, which also renders the training less effective. The evaluation of the Serious Game showed that it was effective in providing Skills training and in motivating players. Serious Game can be employed to teach skills and motivate individuals to engage in training. The game can also be adapted to organizational goals and updated as required by an organization.