Is attacking more fun than defending? — Observations from Developing and Evaluating Practical Game Based Learning.

Autor: Barth, Valentin, Wanner, Tamara, Gelderie, Marcus, Schüle, Jürgen
Předmět:
Zdroj: Procedia Computer Science; 2024, Vol. 246, p3148-3157, 10p
Abstrakt: Information security training is becoming increasingly relevant in recent years. Common learning methods experience an evolution towards both real-world scenarios (such as phishing simulations), as well as gamified learning and training materials. In this paper, we attempt to shed light on the role the game design as well as the target audience play in its effectiveness. For our study, we used four games that were developed over the course of three years. The games cover a spectrum of design decisions: We compare (1) simulation games (e.g. games that simulate a workspace) to games that are more abstract, (2) games with an attacker-perspective to games with a defender-perspective and (3) whether prior experience of the player with IT security incidents have an impact. To this end, we conducted an empirical study built on the Gamefulquest questionnaire to assess the perceived gamefulness. We found that most studied factors show no statistically significant impact. This is a surprising result and can have major implications for the cost-benefit calculus during development stages. One statistically significant and surprising result is the role a subject's prior exposure to IT-security incidents has: Subjects who have been exposed find some games more difficult than subjects who have not. This effect might lead to counterproductive results: Subjects without exposure can be mislead into a false sense of acuity. [ABSTRACT FROM AUTHOR]
Databáze: Supplemental Index