Cybersecurity educational games: a theoretical framework
Information and Computer Security
ISSN: 2056-4961
Article publication date: 3 September 2021
Issue publication date: 29 March 2022
Abstract
Purpose
Computer games that teach cybersecurity concepts have been developed to help both individuals and organizations shore up their defence against cybercrimes. Evidence of the effectiveness of these games has been rather weak, however. This paper aims to guide the design and testing of more effective cybersecurity educational games by developing a theoretical framework.
Design/methodology/approach
A review of the literature is conducted to explore the dependent variable of this research stream, learning outcomes and its relationship with four independent variables, game characteristics, game context, learning theory and user characteristics.
Findings
The dependent variable can be measured by five learning outcomes: information, content, strategic knowledge, eagerness to learn/time spent and behavioral change. Game characteristics refer to features that contribute to a game’s usefulness, interactivity, playfulness or attractiveness. Game context pertains to factors that determine how a game is used, including the target audience, the skill involved and the story. Learning theory explains how learning takes place and can be classified as behaviorism, cognitivism, humanism, social learning or constructivism. User characteristics including gender, age, computer experience, knowledge and perception, are attributes that can impact users’ susceptibility to cybercrimes and hence learning outcomes.
Originality/value
The framework facilitates taking stock of past research and guiding future research. The use of the framework is illustrated in a critique of two research streams. Multiple research directions are discussed for continued research into the design and testing of next-generation cybersecurity computer games.
Keywords
Citation
Hwang, M.I. and Helser, S. (2022), "Cybersecurity educational games: a theoretical framework", Information and Computer Security, Vol. 30 No. 2, pp. 225-242. https://doi.org/10.1108/ICS-10-2020-0173
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited