ABSTRACT
This thesis looks at ways how to use serious games to evaluate cybersecurity-related competences. Various case studies show how competency-driven design of technical exercises can help to target specific competencies in a scalable manner.
- Mackenzie Adams and Maged Makramalla. 2015. Cybersecurity skills training: an attacker-centric gamified approach. Technology Innovation Management Review 5, 1 (2015).Google ScholarCross Ref
- Ashley A Cain, Morgan E Edwards, and Jeremiah D Still. 2018. An exploratory study of cyber hygiene behaviors and knowledge. Journal of information security and applications 42 (2018), 36--45.Google ScholarCross Ref
- Tom Chothia and Chris Novakovic. 2015. An offline capture the flag-style virtual machine and an assessment of its value for cybersecurity education. In 2015 {USENIX} Summit on Gaming, Games, and Gamification in Security Education (3GSE 15)Google Scholar
- Yu-kai Chou. 2015. Actionable gamification: beyond points, badges, and leaderboards. Octalysis Group, United States.Google Scholar
- Jessica Dawson and Robert Thomson. 2018. The future cybersecurity workforce: Going beyond technical skills for successful cyber performance. Frontiers in psychology 9 (2018).Google Scholar
- Timothy J Ellis and Yair Levy. 2009. Towards a Guide for Novice Researchers on Research Methodology: Review and Proposed Methods. Issues in Informing Science & Information Technology 6 (2009).Google Scholar
- Margus Ernits, Kaie Maennel, Sten Mäses, Olaf Maennel, and Toomas Lepik. [n.d.]. From Simple Scoring Towards a Meaningful Interpretation of Learning in Cybersecurity Exercises. ([n. d.]). UNPUBLISHED.Google Scholar
- Juho Hamari, Jonna Koivisto, Harri Sarsa, et al. 2014. Does Gamification Work?-A Literature Review of Empirical Studies on Gamification.. In HICSS, Vol. 14. 3025--3034.Google ScholarDigital Library
- Diane S Henshel, Gary M Deckard, Brad Lufkin, Norbou Buchler, Blaine Hoffman, Prashanth Rajivan, and Steve Collman. 2016. Predicting proficiency in cyber defense team exercises. In MILCOM 2016-2016 IEEE Military Communications Conference. IEEE, 776--781.Google ScholarCross Ref
- Kaie Maennel, Sten Mäses, and Olaf Maennel. 2018. Cyber Hygiene: The Big Picture. In Nordic Conference on Secure IT Systems. Springer, 218--226.Google Scholar
- Kaie Maennel, Rain Ottis, and Olaf Maennel. 2017. Improving and Measuring Learning Effectiveness at Cyber Defense Exercises. In Nordic Conference on Secure IT Systems. Springer, 123--138.Google ScholarCross Ref
- Sten Mäses, Heleri Aitsam, and Liina Randmann. [n.d.]. A Method for adding cyberethical behaviour measurements to computer science homework assignments. ([n. d.]). UNPUBLISHED.Google Scholar
- Sten Mäses, Bil Hallaq, and Olaf Maennel. 2017. Obtaining Better Metrics for Complex Serious Games Within Virtualised Simulation Environments. In ECGBL 2017 11th European Conference on Game-Based Learning. Academic Conferences and publishing limited, 428--434.Google Scholar
- Sten Mäses, Kristjan Kikerpill, Kaspar Jüristo, and Olaf Maennel. 2017. Mixed Methods Research Approach and Experimental Procedure for Measuring Human Factors in Cybersecurity Using Phishing Simulations. In ECRM 2019 18th European Conference on Research Methodology for Business and Management Studies. Academic Conferences and publishing limited, 428--434.Google Scholar
- Sten Mäses, Liina Randmann, Olaf Maennel, and Birgy Lorenz. 2018. Stenmap: Framework for Evaluating Cybersecurity-Related Skills Based on Computer Simulations. In Learning and Collaboration Technologies. Learning and Teaching. Springer, 1--13.Google Scholar
- Jelena Mirkovic and Peter AH Peterson. 2014. Class capture-the-flag exercises. In 2014 {USENIX} Summit on Gaming, Games, and Gamification in Security Education (3GSE 14).Google Scholar
- Celia Paulsen, Ernest McDuffie, William Newhouse, and Patricia Toth. 2012. NICE: Creating a cybersecurity workforce and aware public. IEEE Security & Privacy 10, 3 (2012), 76--79.Google ScholarDigital Library
- Philip L Roth, Philip Bobko, and Lynn A McFarland. 2005. A meta-analysis of work sample test validity: Updating and integrating some classic literature. Personnel Psychology 58, 4 (2005), 1009--1037.Google ScholarCross Ref
- Nicolaj Siggelkow. 2007. Persuasion with case studies. Academy of management journal 50, 1 (2007), 20--24.Google Scholar
- Mike Smith. 2005. Testing people at work: competencies in psychometric testing. BPS Blackwell, Malden, MA.Google Scholar
- Richard Weiss, Michael E Locasto, and Jens Mache. 2016. A reflective approach to assessing student performance in cybersecurity exercises. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education. ACM, 597--602.Google ScholarDigital Library
- Joseph Werther, Michael Zhivich, Tim Leek, and Nickolai Zeldovich. 2011. Experiences in cyber security education: The MIT Lincoln laboratory capture-the-flag exercise.. In CSET.Google Scholar
Recommendations
Toward Guidelines for Designing Cybersecurity Serious Games
SIGCSE '21: Proceedings of the 52nd ACM Technical Symposium on Computer Science EducationCybersecurity serious games provide hands-on training of cybersecurity skills and enhance security awareness. Besides the learning content, they use gamification elements to engage and motivate the players. We propose guidelines for creating technical ...
Development and Validation of Serious Games for Teaching Cybersecurity
Serious GamesAbstractSerious games have shown great potential as an instructional tool in various fields by providing improved accessibility to simulations, modeling of environments, and visualizations. However, a challenging problem in the design of serious games has ...
A Brief Review of Game Engines for Educational and Serious Games Development
Gamification is the use of game design elements to enhance the teaching-learning process and turn a regular, non-game activity into a fun, engaging game. Simultaneously, serious games are proposed as an efficient and enjoyable way of conducting ...
Comments