The University of Southampton
University of Southampton Institutional Repository

A pedagogical design model to create serious games for cyber security

A pedagogical design model to create serious games for cyber security
A pedagogical design model to create serious games for cyber security
Cyber attacks have been increasing, and there have been many media reports of attacks against large and small organisations, causing financial loss and reputational damage. Organisations invest in professional training courses for their employees to raise awareness of cyber attacks and related defences. However, traditional approaches have failed to effectively educate employees, as testified by the increasing number of successful cyber attacks exploiting human factors. Serious games are an effective alternative tool to educate and train people on cyber security concepts. There is consensus on the benefits and potential of creating serious games and gamification techniques, which applies game mechanics to non-gaming activities, such as training to make the exercise more engaging. Many serious games have been created without a transparent and formal design process. There are currently several pedagogical models, frameworks, and methodologies for designing and analysing serious games that provide valuable interpretations. None of the models is designed specifically for serious cyber games, and these models focus primarily on high-level aspects and requirements. Many design models fail to address higher-order thinking skills and do not consider the target players’ different needs. They do not help understand how such high-level requirements can be concretely satisfied and not a detailed explanation of how to design a serious game in a step-by-step process. This thesis proposes a new pedagogical model called MOTENS to design serious cyber games for awareness and education. The MOTENS model was developed from the experience of creating Riskio, a multiplayer tabletop game to increase cyber security awareness for people with a technical and non-technical background working in organisations and university students. A new serious game called CIST: A serious single-player online game for hardware security supply chain was designed using the MOTENS model. The CIST game was then tested to verify that the game mechanics design selected using the MOTENS model achieved the desired learning outcomes. The CIST game was played and evaluated in a workshop on hardware security threats and defences for MSc/PhD students. Some issues reported by the students were identified as failure of the CIST game design and not the MOTENS model. As with the Riskio game, the CIST game proved popular with the target players and increased players participation in learning. Further research is required to develop the MOTENS model by creating and designing/evaluating different types of serious cyber games.
Serious gaming, Cyber security education, Gamification, Design, Training effectiveness
University of Southampton
Hart, Stephen
d9ad5153-ca09-418a-b3a5-078ea1b48536
Hart, Stephen
d9ad5153-ca09-418a-b3a5-078ea1b48536
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Paci, Federica MF
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e

Hart, Stephen (2022) A pedagogical design model to create serious games for cyber security. University of Southampton, Doctoral Thesis, 290pp.

Record type: Thesis (Doctoral)

Abstract

Cyber attacks have been increasing, and there have been many media reports of attacks against large and small organisations, causing financial loss and reputational damage. Organisations invest in professional training courses for their employees to raise awareness of cyber attacks and related defences. However, traditional approaches have failed to effectively educate employees, as testified by the increasing number of successful cyber attacks exploiting human factors. Serious games are an effective alternative tool to educate and train people on cyber security concepts. There is consensus on the benefits and potential of creating serious games and gamification techniques, which applies game mechanics to non-gaming activities, such as training to make the exercise more engaging. Many serious games have been created without a transparent and formal design process. There are currently several pedagogical models, frameworks, and methodologies for designing and analysing serious games that provide valuable interpretations. None of the models is designed specifically for serious cyber games, and these models focus primarily on high-level aspects and requirements. Many design models fail to address higher-order thinking skills and do not consider the target players’ different needs. They do not help understand how such high-level requirements can be concretely satisfied and not a detailed explanation of how to design a serious game in a step-by-step process. This thesis proposes a new pedagogical model called MOTENS to design serious cyber games for awareness and education. The MOTENS model was developed from the experience of creating Riskio, a multiplayer tabletop game to increase cyber security awareness for people with a technical and non-technical background working in organisations and university students. A new serious game called CIST: A serious single-player online game for hardware security supply chain was designed using the MOTENS model. The CIST game was then tested to verify that the game mechanics design selected using the MOTENS model achieved the desired learning outcomes. The CIST game was played and evaluated in a workshop on hardware security threats and defences for MSc/PhD students. Some issues reported by the students were identified as failure of the CIST game design and not the MOTENS model. As with the Riskio game, the CIST game proved popular with the target players and increased players participation in learning. Further research is required to develop the MOTENS model by creating and designing/evaluating different types of serious cyber games.

Text
Stephen_Hart_Thesis_May_2022 - Version of Record
Available under License University of Southampton Thesis Licence.
Download (33MB)
Text
SH Permission to deposit thesis - form
Restricted to Repository staff only
Available under License University of Southampton Thesis Licence.

More information

Submitted date: May 2022
Published date: 30 June 2022
Keywords: Serious gaming, Cyber security education, Gamification, Design, Training effectiveness

Identifiers

Local EPrints ID: 457783
URI: http://eprints.soton.ac.uk/id/eprint/457783
PURE UUID: 10980514-43ae-4b25-b008-ec8a065e0234
ORCID for Basel Halak: ORCID iD orcid.org/0000-0003-3470-7226
ORCID for Federica MF Paci: ORCID iD orcid.org/0000-0003-3122-0236

Catalogue record

Date deposited: 16 Jun 2022 16:56
Last modified: 17 Mar 2024 03:25

Export record

Contributors

Author: Stephen Hart
Thesis advisor: Vladimiro Sassone
Thesis advisor: Basel Halak ORCID iD
Thesis advisor: Federica MF Paci ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×