Abstract
This study examines the effect of a gamified information security education system (ISES) on developing users’ information security awareness and protection behavioral intention. We developed a research model based on affordance theory and means-end chain theory. Using a scenario-based experimental survey approach, we obtained 220 valid samples and then conducted partial-least-squares structural equation modeling (PLS-SEM) to test the model. The results showed that (1) the affordance of the gamified ISES can enhance users’ information security awareness through both emotional and cognitive paths; (2) information security awareness positively influences information security protection behavioral intention, but physical presence and information security knowledge growth do not; and (3) interest-type curiosity positively moderates the relationship between enjoyment affordance and physical presence, and deprivation-type curiosity positively moderates the relationship between knowledge affordance and information security knowledge growth. This study identifies the emotional and cognitive stimulation paths of the gamified ISES to enhance users' information security awareness and protection behavior intention and reveals the moderating role of curiosity, which enriches the empirical research on the impact mechanism of the gamified education system in the field of information security. In addition, our research can provide practical and feasible suggestions for education departments and design units to reasonably apply and design gamified ISESs. The influence of education level and other factors on information security protection behavioral intention can be further explored in future research.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Acquah, E. O., & Katz, H. T. (2020). Digital game-based L2 learning outcomes for primary through high-school students: A systematic literature review. Computers & Education, 143, 103667. https://doi.org/10.1016/j.compedu.2019.103667
Agarwal, R., & Karahanna, E. (2000). Time flies when you're having fun: Cognitive absorption and beliefs about information technology usage. MIS Quarterly, 24(4), 665–694. https://doi.org/10.2307/3250951
Al-Emran, M., Mezhuyev, V., & Kamaludin, A. (2018). Students’ perceptions towards the integration of knowledge management processes in M-learning systems: a preliminary study. International Journal of Engineering Education, 34(2), 371–380.
Al-Emran, M., & Teo, T. (2020). Do knowledge acquisition and knowledge sharing really affect e-learning adoption? An empirical study. Education and Information Technologies, 25(3), 1983–1998. https://doi.org/10.1007/s10639-019-10062-w
AlMindeel, R., & Martins, J. T. (2020). Information security awareness in a developing country context: insights from the government sector in Saudi Arabia. Information Technology & People, 34(2), 770–788. https://doi.org/10.1108/ITP-06-2019-0269
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour?. arXiv preprint arXiv:1901.02672. https://doi.org/10.48550/arXiv.1901.02672
Bitrián, P., Buil, I., & Catalán, S. (2021). Enhancing user engagement: The role of gamification in mobile apps. Journal of Business Research, 132, 170–185. https://doi.org/10.1016/j.jbusres.2021.04.028
Bouchrika, I., Harrati, N., Wanick, V., & Wills, G. (2021). Exploring the impact of gamification on student engagement and involvement with e-learning systems. Interactive Learning Environments, 29(8), 1244–1257. https://doi.org/10.1080/10494820.2019.1623267
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548. https://doi.org/10.2307/25750690
Çakıroğlu, Ü., Başıbüyük, B., Güler, M., Atabay, M., & Memiş, B. Y. (2017). Gamifying an ICT course: Influences on engagement and academic performance. Computers in Human Behavior, 69, 98–107. https://doi.org/10.1016/j.chb.2016.12.018
Chen, H., & Yuan, Y. (2023). The impact of ignorance and bias on information security protection motivation: a case of e-waste handling. Internet Research. Advance online publication, https://doi.org/10.1108/INTR-04-2022-0238
Chergui, W., Zidat, S., & Marir, F. (2020). An approach to the acquisition of tacit knowledge based on an ontological model. Journal of King Saud University-Computer and Information Sciences, 32(7), 818–828. https://doi.org/10.1016/j.jksuci.2018.09.012
Chin, W. W., Marcolin, B. L., & Newsted, P. R. (2003). A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Information Systems Research, 14(2), 189–217. https://doi.org/10.1287/isre.14.2.189.16018
da Rocha Seixas, L., Gomes, A. S., & de Melo Filho, I. J. (2016). Effectiveness of gamification in the engagement of students. Computers in Human Behavior, 58, 48–63. https://doi.org/10.1016/j.chb.2015.11.021
D'Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98. https://doi.org/10.1287/isre.1070.0160
Davis, F. D., Bagozzi, R. P., & Warshaw, P. R. (1992). Extrinsic and intrinsic motivation to use computers in the workplace1. Journal of Applied Social Psychology, 22(14), 1111–1132. https://doi.org/10.1111/j.1559-1816.1992.tb00945.x
Deterding, S., Dixon, D., Khaled, R., & Nacke, L. (2011). From game design elements to gamefulness: defining" gamification". Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future media Environments (Tampere, Finland, September 28-30, 2011), 9-15. https://doi.org/10.1145/2181037.2181040
Donalds, C., & Osei-Bryson, K. M. (2020). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51, 102056. https://doi.org/10.1016/j.ijinfomgt.2019.102056
Fang, Y. H. (2014). Beyond the credibility of electronic word of mouth: Exploring eWOM adoption on social networking sites from affective and curiosity perspectives. International Journal of Electronic Commerce, 18(3), 67–102. https://doi.org/10.2753/JEC1086-4415180303
Flores, W. R., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Computers & Security, 59, 26–44. https://doi.org/10.1016/j.cose.2016.01.004
Fornell, C., & Bookstein, F. L. (1982). Two structural equation models: LISREL and PLS applied to consumer exit-voice theory. Journal of Marketing Research, 19(4), 440–452. https://doi.org/10.1177/002224378201900406
Fornell, C., & Larcker, D. F. (1981). Structural equation models with unobservable variables and measurement error: Algebra and statistics. Journal of Marketing Research, 18(3), 382–388. https://doi.org/10.1177/002224378101800313
Friedrich, J., Becker, M., Kramer, F., Wirth, M., & Schneider, M. (2020). Incentive design and gamification for knowledge management. Journal of Business Research, 106, 341–352. https://doi.org/10.1016/j.jbusres.2019.02.009
Futcher, L., Schroder, C., & von Solms, R. (2010). Information security education in South Africa. Information Management & Computer Security, 18(5), 366–374. https://doi.org/10.1108/09685221011095272
Gainsbury, S. M., Browne, M., & Rockloff, M. (2019). Identifying risky Internet use: Associating negative online experience with specific online behaviours. New Media & Society, 21(6), 1232–1252. https://doi.org/10.1177/1461444818815442
Gaston, S. J. (1996). Information security : strategies for successful management. CICA Publishing.
Gefen, D., Rigdon, E. E., & Straub, D. (2011). Editor's comments: an update and extension to SEM guidelines for administrative and social science research. MIS Quarterly, 35(2), 1–7. https://doi.org/10.2307/23044042
Gibson, G. (1977). The Theory of Affordances. In R. Shaw & J. Bransford (Eds.), Perceiving, Acting, and Knowing: Toward an Ecological Psychology (pp. 67–82). Lawrence Erlbaum.
Gjertsen, E. G. B., Gjære, E. A., Bartnes, M., & Flores, W. R. (2017). Gamification of Information Security Awareness and Training. Proceedings of the 3rd International Conference on Information Systems Security and Privacy (Porto, Portugal, February 19-21, 2017)59-70. https://doi.org/10.5220/0006128500590070
Gottlieb, J., Oudeyer, P. Y., Lopes, M., & Baranes, A. (2013). Information-seeking, curiosity, and attention: computational and neural mechanisms. Trends in Cognitive Sciences, 17(11), 585–593. https://doi.org/10.1016/j.tics.2013.09.001
Gutman, J. (1982). A means-end chain model based on consumer categorization processes. Journal of Marketing, 46(2), 60–72. https://doi.org/10.1177/002224298204600207
Haeussinger, F., & Kranz, J. (2013). Information security awareness: Its antecedents and mediating effects on security compliant behavior. International Conference on Information Systems 2013(Milano, Italy, December 15-18, 2013), 34.
Hakulinen, L., Auvinen, T., & Korhonen, A. (2013). Empirical study on the effect of achievement badges in TRAKLA2 online learning environment. 2013 Learning and teaching in computing and engineering (Macau, Macau, March 21-24, 2013), 47-54. https://doi.org/10.1109/LaTiCE.2013.34
Hamari, J., Koivisto, J., & Sarsa, H. (2014). Does gamification work?--a literature review of empirical studies on gamification. 2014 47th Hawaii international conference on system sciences (Waikoloa, Hawaii, January 6-9, 2014), 3025-3034. https://doi.org/10.1109/HICSS.2014.377
Hamid, A., Alam, M., Sheherin, H., & Pathan, A. S. K. (2020). Cyber security concerns in social networking service. International Journal of Communication Networks and Information Security, 12(2), 198–212. https://doi.org/10.54039/IJCNIS.V12I2.4634
He, W., & Wei, K. K. (2009). What drives continued knowledge sharing? An investigation of knowledge-contribution and-seeking beliefs. Decision Support Systems, 46(4), 826–838. https://doi.org/10.1016/j.dss.2008.11.007
Heid, K., Heider, J., & Qasempour, K. (2020). Raising Security Awareness on Mobile Systems through Gamification. Proceedings of the European Interdisciplinary Cybersecurity Conference (New York, United States, November 18, 2020), 1-6. https://doi.org/10.1145/3424954.3424958
Hsu, C. C., & Wang, T. I. (2018). Applying game mechanics and student-generated questions to an online puzzle-based game learning system to promote algorithmic thinking skills. Computers & Education, 121, 73–88. https://doi.org/10.1016/j.compedu.2018.02.002
Huotari, K., & Hamari, J. (2017). A definition for gamification: anchoring gamification in the service marketing literature. Electronic Markets, 27(1), 21–31. https://doi.org/10.1007/s12525-015-0212-z
Hwang, I., Wakefield, R., Kim, S., & Kim, T. (2021). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 61(4), 345–356. https://doi.org/10.1080/08874417.2019.1650676
Hwang, J., & Choi, L. (2020). Having fun while receiving rewards?: Exploration of gamification in loyalty programs for consumer loyalty. Journal of Business Research, 106, 365–376. https://doi.org/10.1016/j.jbusres.2019.01.031
IJsselsteijn, W. A., De Ridder, H., Freeman, J., & Avons, S. E. (2000). Presence: concept, determinants, and measurement. Human Vision and Electronic Imaging V, 3959, 520–529. https://doi.org/10.1117/12.387188
Internet Society of China. (2021). Survey report on protection of rights and interests of chinese internet user. https://m.zhuangpeitu.com/article/46633315.html
Jaeger, L. (2018). Information security awareness: literature review and integrative framework. Proceedings of the 51st Hawaii International Conference on System Sciences (Waikoloa, Hawaii, January 3-6, 2018). https://doi.org/10.24251/HICSS.2018.593
Jayawardena, N. S., Ross, M., Quach, S., Behl, A., & Gupta, M. (2021). Effective online engagement strategies through gamification: A systematic literature review and a future research agenda. Journal of Global Information Management, 30(5), 1–25. https://doi.org/10.4018/JGIM.290370
John, A. (2021). What to Do If You’ re Concerned About the T-Mobile Data Breach. Consumer Reports. Retrieved April 14, 2022, from https://www.consumerreports.org/data-theft/t-mobile-databreach-what-to-do-a7157173229/
Kashdan, T. B., Disabato, D. J., Goodman, F. R., & McKnight, P. E. (2020). The Five-Dimensional Curiosity Scale Revised (5DCR): Briefer subscales while separating overt and covert social curiosity. Personality and Individual Differences, 157, 109836. https://doi.org/10.1016/j.paid.2020.109836
Kim, E. B. (2014). Recommendations for information security awareness training for college students. Information Management & Computer Security, 22(1), 115–126. https://doi.org/10.1108/IMCS-01-2013-0005
Kim, H. W., Chan, H. C., & Gupta, S. (2007). Value-based adoption of mobile internet: an empirical investigation. Decision Support Systems, 43(1), 111–126. https://doi.org/10.1016/j.dss.2005.05.009
Kline, R. B. (2015). Principles and practice of structural equation modeling. Guilford publications. https://doi.org/10.25336/csp29418
Koivisto, J., & Hamari, J. (2019). The rise of motivational information systems: A review of gamification research. International Journal of Information Management, 45, 191–210. https://doi.org/10.1016/j.ijinfomgt.2018.10.013
Koo, D. M., & Choi, Y. Y. (2010). Knowledge search and people with high epistemic curiosity. Computers in Human Behavior, 26(1), 12–22. https://doi.org/10.1016/j.chb.2009.08.013
Κούρτης, A. (2020). Raising information security awareness: the role of gamification. Aegean Univ Dept of Information and Communication Systems Engineering.
Kweon, E., Lee, H., Chai, S., & Yoo, K. (2021). The utility of information security training and education on cybersecurity incidents: an empirical evidence. Information Systems Frontiers, 23(2), 361–373. https://doi.org/10.1007/s10796-019-09977-z
Landers, R. N., & Armstrong, M. B. (2017). Enhancing instructional outcomes with gamification: An empirical test of the Technology-Enhanced Training Effectiveness Model. Computers in Human Behavior, 71, 499–507. https://doi.org/10.1016/j.chb.2015.07.031
Lauriola, M., Litman, J. A., Mussel, P., De Santis, R., Crowson, H. M., & Hoffman, R. R. (2015). Epistemic curiosity and self-regulation. Personality and Individual Differences, 83, 202–207. https://doi.org/10.1016/j.paid.2015.04.017
León, A. M., Ferrer, J. M. R., Parra, J. M. A., Campoy, J. M. F., Trigueros, R., & Martínez, A. M. M. (2022). Play and learn: Influence of gamification and game-based learning in the reading processes of secondary school students. Revista de Psicodidáctica (English ed.), 27(1), 38–46. https://doi.org/10.1016/j.psicoe.2021.08.001
Leppard, P., Russell, C. G., & Cox, D. N. (2004). Improving means-end-chain studies by using a ranking method to construct hierarchical value maps. Food Quality and Preference, 15(5), 489–497. https://doi.org/10.1016/j.foodqual.2003.09.001
Lin, Y. L., & Lin, H. W. (2017). Learning results and terminal values from the players of SimCity and The Sims. Behaviour & Information Technology, 36(2), 209–222. https://doi.org/10.1080/0144929X.2016.1208772
Litman, J. A. (2008). Interest and deprivation factors of epistemic curiosity. Personality and Individual Differences, 44(7), 1585–1595. https://doi.org/10.1016/j.paid.2008.01.014
Litman, J. A. (2010). Relationships between measures of I-and D-type curiosity, ambiguity tolerance, and need for closure: An initial test of the wanting-liking model of information-seeking. Personality and Individual Differences, 48(4), 397–402. https://doi.org/10.1016/j.paid.2009.11.005
Lou, J., Fang, Y., Lim, K. H., & Peng, J. Z. (2013). Contributing high quantity and quality knowledge to online Q & A communities. Journal of the American Society for Information Science and Technology, 64(2), 356–371. https://doi.org/10.1002/asi.22750
Lyu, T., Geng, Q., & Yu, D. (2023). Research on the relationship between network insight, supply chain integration and enterprise performance. Systems, 11(1), 10. https://doi.org/10.3390/systems11010010
Lyu, T., Guo, Y., & Lin, H. (2022). Understanding green supply chain information integration on supply chain process ambidexterity: The mediator of dynamic ability and the moderator of leaders’ networking ability. Frontiers in Psychology, 13, 1088077. https://doi.org/10.3389/fpsyg.2022.1088077
Mamonov, S., & Benbunan-Fich, R. (2018). The impact of information security threat awareness on privacy-protective behaviors. Computers in Human Behavior, 83, 32–44. https://doi.org/10.1016/j.chb.2018.01.028
Mekler, E. D., Brühlmann, F., Tuch, A. N., & Opwis, K. (2017). Towards understanding the effects of individual gamification elements on intrinsic motivation and performance. Computers in Human Behavior, 71, 525–534. https://doi.org/10.1016/j.chb.2015.08.048
Mischel, W. (1973). Toward a cognitive social learning reconceptualization of personality. Psychological Review, 80(4), 252–283. https://doi.org/10.1037/h0035002
Moro, S., Ramos, P., Esmerado, J., & Jalali, S. M. J. (2019). Can we trace back hotel online reviews’ characteristics using gamification features? International Journal of Information Management, 44, 88–95. https://doi.org/10.1016/j.ijinfomgt.2018.09.015
Mylonas, A., Kastania, A., & Gritzalis, D. (2013). Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security, 34, 47–66. https://doi.org/10.1016/j.cose.2012.11.004
Nesheim, T., & Gressgård, L. J. (2014). Knowledge sharing in a complex organization: Antecedents and safety effects. Safety Science, 62, 28–36. https://doi.org/10.1016/j.ssci.2013.07.018
Ning Shen, K., & Khalifa, M. (2008). Exploring multidimensional conceptualization of social presence in the context of online communities. International Journal of Human–Computer Interaction, 24(7), 722–748. https://doi.org/10.1080/10447310802335789
Norman, D. A. (1998). The invisible computer: why good products can fail, the personal computer is so complex, and information appliances are the solution. MIT Press. https://doi.org/10.1016/s0898-1221(99)90243-2
Nwokeji, J. C., Matovu, R., & Rawal, B. (2020). The use of Gamification to Teach Cybersecurity Awareness in information systems. Proceedings of the 2020 AIS SIGED International Conference on Information Systems Education and Research. 29.
O’ Sullivan, D. (2021). Half a billion Facebook users’ information posted on hacking website, cyber experts say. CNN Business. Retrieve April 14, 2022, from https://edition.cnn.com/2021/04/04/tech/facebook-user-info-leaked/index.html
Ofosu-Ampong, K. (2020). The shift to gamification in education: A review on dominant issues. Journal of Educational Technology Systems, 49(1), 113–137. https://doi.org/10.1177/0047239520917629
Ofosu-Ampong, K., Boateng, R., Anning-Dorson, T., & Kolog, E. A. (2020). Are we ready for Gamification? An exploratory analysis in a developing country. Education and Information Technologies, 25(3), 1723–1742. https://doi.org/10.1007/s10639-019-10057-7
Olson, J. C., & Reynolds, T. J. (2001). The means-end approach to understanding consumer decision making. Understanding consumer decision making: The means-end approach to marketing and advertising strategy, 3-20.
Park, M., & Chai, S. (2020). Comparing the effects of two methods of education (online versus offline) and gender on information security behaviors. Asia Pacific Journal of Information Systems, 30(2), 308–327. https://doi.org/10.14329/apjis.2020.30.2.308
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, 165–176. https://doi.org/10.1016/j.cose.2013.12.003
Pawlowski, S. D., & Jung, Y. (2015). Social representations of cybersecurity by university students and implications for instructional design. Journal of Information Systems Education, 26(4), 281–294.
Petter, S., Straub, D., & Rai, A. (2007). Specifying formative constructs in information systems research. MIS Quarterly, 31(4), 623–656. https://doi.org/10.2307/25148814
Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8), 816–826. https://doi.org/10.1016/j.cose.2009.05.008
Rhee, H. S., Ryu, Y., & Kim, C. T. (2005). I am fine but you are not: Optimistic bias and illusion of control on information security. ICIS 2005 Proceedings, 32.
Riar, M., Morschheuser, B., Zarnekow, R., & Hamari, J. (2022). Gamification of cooperation: A framework, literature review and future research agenda. International Journal of Information Management, 67, 102549. https://doi.org/10.1016/j.ijinfomgt.2022.102549
Ros, S., Gonzalez, S., Robles, A., Tobarra, L. L., Caminero, A., & Cano, J. (2020). Analyzing students’ self-perception of success and learning effectiveness using gamification in an online cybersecurity course. IEEE Access, 8, 97718–97728. https://doi.org/10.1109/ACCESS.2020.2996361
Schneider, B. (1982). Interactional psychology and organizational behavior. Michigan State Univ East Lansing Dept of Psychology.
Schöbel, S., Janson, A., Jahn, K., Kordyaka, B., Turetken, O., Djafarova, N., & Leimeister, J. M. (2020). A research agenda for the why, what, and how of gamification designs: Outcomes of an ECIS 2019 panel. Communications of the Association for Information Systems, 46(1), 30. https://doi.org/10.17705/1CAIS.04630
Scholefield, S., & Shepherd, L. A. (2019). Gamification techniques for raising cyber security awareness. International Conference on Human-Computer Interaction, 11594, 191–203.
Seaborn, K., & Fels, D. I. (2015). Gamification in theory and action: A survey. International Journal of Human-Computer Studies, 74, 14–31. https://doi.org/10.1016/j.ijhcs.2014.09.006
Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H. J. (2009). The impact of information richness on information security awareness training effectiveness. Computers & Education, 52(1), 92–100. https://doi.org/10.1016/j.compedu.2008.06.011
Sheng, H., Siau, K., & Nah, F. F. H. (2010). Understanding the values of mobile technology in education: a value-focused thinking approach. ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 41(2), 25–44. https://doi.org/10.1145/1795377.1795380
Simonofski, A., Zuiderwijk, A., Clarinval, A., & Hammedi, W. (2022). Tailoring open government data portals for lay citizens: A gamification theory approach. International Journal of Information Management, 65, 102511. https://doi.org/10.1016/j.ijinfomgt.2022.102511
Song, S., Zhao, Y. C., Yao, X., Ba, Z., & Zhu, Q. (2021). Short video apps as a health information source: an investigation of affordances, user experience and users’ intention to continue the use of TikTok. Internet Research, 31(6), 2120–2124. https://doi.org/10.1108/INTR-10-2020-0593
Suh, A., Cheung, C. M., Ahuja, M., & Wagner, C. (2017). Gamification in the workplace: The central role of the aesthetic experience. Journal of Management Information Systems, 34(1), 268–305. https://doi.org/10.1080/07421222.2017.1297642
Suh, A., & Wagner, C. (2017). How gamification of an enterprise collaboration system increases knowledge contribution: an affordance approach. Journal of Knowledge Management, 21(2), 416–431. https://doi.org/10.1108/JKM-10-2016-0429
Sun, K., Qiu, L., & Zuo, M. (2017). Gamification on senior citizen’s information technology learning: The mediator role of intrinsic motivation. International Conference on Human Aspects of IT for the Aged Population, 10297, 461–476. https://doi.org/10.1007/978-3-319-58530-7_35
Sun, P. C., Cheng, H. K., & Finger, G. (2009). Critical functionalities of a successful e-learning system—An analysis from instructors' cognitive structure toward system usage. Decision Support Systems, 48(1), 293–302. https://doi.org/10.1016/j.dss.2009.08.007
Sun, Y., Shao, X., Li, X., Guo, Y., & Nie, K. (2019). How live streaming influences purchase intentions in social commerce: An IT affordance perspective. Electronic Commerce Research and Applications, 37, 100886. https://doi.org/10.1016/j.elerap.2019.100886
Taha, N., & Dahabiyeh, L. (2021). College students information security awareness: a comparison between smartphones and computers. Education and Information Technologies, 26(2), 1721–1736. https://doi.org/10.1007/s10639-020-10330-0
Tan, W. K., Sunar, M. S., & Goh, E. S. (2022). Analysis of the College Underachievers’ Transformation via Gamified Learning Experience. Entertainment Computing, 44, 100524. https://doi.org/10.1016/j.entcom.2022.100524
Tang, X., & Salmela-Aro, K. (2021). The prospective role of epistemic curiosity in national standardized test performance. Learning and Individual Differences, 88, 102008. https://doi.org/10.1016/j.lindif.2021.102008
Treem, J. W., & Leonardi, P. M. (2013). Social media use in organizations: Exploring the affordances of visibility, editability, persistence, and association. Annals of the International Communication Association, 36(1), 143–189. https://doi.org/10.1080/23808985.2013.11679130
Tsai, H. Y. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J., & Cotten, S. R. (2016). Understanding online safety behaviors: A protection motivation theory perspective. Computers & Security, 59, 138–150. https://doi.org/10.1016/j.cose.2016.02.009
Tuominen, H., Niemivirta, M., Lonka, K., & Salmela-Aro, K. (2020). Motivation across a transition: Changes in achievement goal orientations and academic well-being from elementary to secondary school. Learning and Individual Differences, 79, 101854. https://doi.org/10.1016/j.lindif.2020.101854
Verhagen, T., Vonkeman, C., Feldberg, F., & Verhagen, P. (2014). Present it like it is here: Creating local presence to improve online product experiences. Computers in Human Behavior, 39, 270–280. https://doi.org/10.1016/j.chb.2014.07.036
Wasko, M. M., & Faraj, S. (2000). “It is what one does”: why people participate and help others in electronic communities of practice. The Journal of Strategic Information Systems, 9(2-3), 155–173. https://doi.org/10.1016/S0963-8687(00)00045-7
Whittaker, L., Mulcahy, R., & Russell-Bennett, R. (2021). ‘Go with the flow’for gamification and sustainability marketing. International Journal of Information Management, 61, 102305. https://doi.org/10.1016/j.ijinfomgt.2020.102305
Woodward, B., Imboden, T., & Martin, N. L. (2013). An undergraduate information security program: More than a curriculum. Journal of Information Systems Education, 24(1), 63–70.
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799–2816. https://doi.org/10.1016/j.chb.2008.04.005
Wu, T., Tien, K. Y., Hsu, W. C., & Wen, F. H. (2021). Assessing the Effects of Gamification on Enhancing Information Security Awareness Knowledge. Applied Sciences, 11(19), 9266. https://doi.org/10.3390/app11199266
Xi, N., & Hamari, J. (2019). Does gamification satisfy needs? A study on the relationship between gamification features and intrinsic need satisfaction. International Journal of Information Management, 46, 210–221. https://doi.org/10.1016/j.ijinfomgt.2018.12.002
Xie, F. (2020). Personal information protection in the era of big data. Proceedings of the 5th International Conference on Economics, Management, Law and Education (EMLE 2019) (Krasnodar, Russia, October 11-12, 2019), 1027-1030. https://doi.org/10.2991/aebmr.k.191225.196
Xu, J., Du, H. S., Shen, K. N., & Zhang, D. (2022). How gamification drives consumer citizenship behaviour: The role of perceived gamification affordances. International Journal of Information Management, 64, 102477. https://doi.org/10.1016/j.ijinfomgt.2022.102477
Yoon, C., Hwang, J. W., & Kim, R. (2012). Exploring factors that influence students’ behaviors in information security. Journal of Information Systems Education, 23(4), 407–416.
Zhang, H., Lu, Y., Gupta, S., & Zhao, L. (2014). What motivates customers to participate in social commerce? The impact of technological environments and virtual customer experiences. Information & Management, 51(8), 1017–1030. https://doi.org/10.1016/j.im.2014.07.005
Zhang, S., Lu, Y., & Lu, B. (2023). Shared Accommodation services in the sharing economy: Understanding the effects of psychological distance on booking behavior. Journal of Theoretical and Applied Electronic Commerce Research, 18(1), 311–332. https://doi.org/10.3390/jtaer18010017
Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., & Basim, H. N. (2022). Cyber security awareness, knowledge and behavior: a comparative study. Journal of Computer Information Systems, 62(1), 82–97. https://doi.org/10.1080/08874417.2020.1712269
Acknowledgement
This study is funded by Humanities and Social Science Fund, Ministry of Education of China (No. 20YJC630003), China Postdoctoral Science Foundation (No. 2021T140353, 2021M691688), and Postdoctoral Applied Research Project of Qingdao City in China.
Data availability
The datasets generated during and/or analysed during the current study are not publicly available due the scientific research data management policies of the author's college but are available from the corresponding author on reasonable request.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
None.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1
We used a gamified applet produced by the Uxin Banner government (Inner Mongolia Autonomous Region, China) as the quasi-experimental scenario program. The applet contains a total of six levels, and participants can experience it on any smartphone device or tablet device. The applet focuses on network information security, transmits information security protection knowledge, cultivates security awareness, and stimulates security behavior to people in a gamified form through real cases in the daily life of the public. The gamification elements contained in the applet are presented in dynamic form, including level breaking, story narration, and instant feedback. We show these elements in the following screenshots (Figure 4).
We take the fourth level of the applet as an example to show the interface, including (a) initial interface, (b) the interface of the fourth level, (c) interface for answering correctly and (d) answer analysis interface, (e) interface for answering incorrectly and (f) answer analysis interface, and (g) game over interface. When the participant answers the question correctly, it will jump to the answer analysis interface (d) to provide information security tips in more scenarios. When the participant answers the question incorrectly, a security warning page appears (f), prompting the participant by means of a yellow label and text in large blue font. Participants will be asked to answer the question again until it is answered correctly.
The screenshots of the gamified applet
Appendix 2
Enjoyment Affordance (Agarwal & Karahanna, 2000; Kim et al., 2007) | |
ENJ1 | Using this gamified applet provides me with a lot of enjoyment. |
ENJ2 | I have fun interacting with this gamified applet. |
ENJ3 | I enjoy using this gamified applet. |
ENJ4 | Using this gamified applet bores me (reversed). |
Knowledge Affordance (Al-Emran et al., 2018; Al-Emran & Teo, 2020) | |
KNO1 | This gamified applet facilitates the process of acquiring information security knowledge. |
KNO2 | This gamified applet allows me to generate a new information security knowledge based on my existing knowledge. |
KNO3 | This gamified applet enables me to acquire information security knowledge through various functions (such as question and answer, story scenarios, and instant feedback). |
KNO4 | This gamified applet assists me to acquire the information security knowledge that suits my needs. |
Psychology Presence (Shen & Khalifa, 2008; Verhagen et al., 2014) | |
PP1 | The experience I had on this gamified applet was similar to memories of experiencing the information security event in reality. |
PP2 | I experienced the information security event on this gamified applet like they were in the real world. |
PP3 | During my experience on this gamified applet the information security events seemed to me “something in reality” rather than “something in a virtual environment”. |
PP4 | While I was on this gamified applet the information security events were as present to me as in the “real world”. |
InforSec Knowledge Growth (He & Wei, 2009; Lou et al., 2013) | |
ISKG1 | Using this gamified applet promotes my information security knowledge growth and development. |
ISKG2 | Using this gamified applet reinforces my competence in protecting information security. |
ISKG3 | Using this gamified applet helps strengthen my understanding of information security protection. |
ISKG4 | Using this gamified applet sharpens my information security knowledge. |
InforSec Awareness (D'Arcy et al., 2009; Bulgurcu et al., 2010) | |
ISA1 | Through this gamified applet, I am aware of the importance of personal information security protection. |
ISA2 | Through this gamified applet, I understand the concerns regarding information security and the risks they pose in general. |
ISA3 | Through this gamified applet, I think it is necessary to participate in the training to improve my information security awareness. |
InforSec Protection Intention (Workman et al., 2008; Yoon et al., 2012) | |
ISPI1 | I will take precautions against personal information security violations. |
ISPI2 | I will actively use information security technology to protect personal information. |
ISPI3 | I will use personal information security protections. |
Interest-type Curiosity (Litman, 2008) | |
I-C1 | Enjoy learning about subjects that are unfamiliar to me. |
I-C2 | Learn something new, like to find out more about it. |
I-C3 | Enjoy exploring new ideas. |
I-C4 | Enjoy discussing abstract concepts. |
Deprivation-type Curiosity (Litman, 2008) | |
D-C1 | Conceptual problems keep me awake thinking. |
D-C2 | Work like a fiend at problems that I feel must be solved. |
D-C3 | Hours on a problem because I can’t rest without answer. |
D-C4 | Brood for a long time to solve problem. |
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Chen, H., Zhang, Y., Zhang, S. et al. Exploring the role of gamified information security education systems on information security awareness and protection behavioral intention. Educ Inf Technol 28, 15915–15948 (2023). https://doi.org/10.1007/s10639-023-11771-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10639-023-11771-z