An effective cyber-security training calls for change of behaviour; the understanding of how different people perceive risks is critical to effective training. Changing behaviour requires more than providing information about risks and reactive behaviours.
Gamification is defined as applying game mechanics in a non-gaming context; Game players regularly exhibit persistence, risk-taking, attention to detail and problem solving; behaviours that are ideally suited for effective cyber-security training.
An effective cyber-security training calls for change of behaviour; the understanding of how different people perceive risks is critical to effective training. Most existing gamified training use defensive strategies, in line with the current dominant practice in cybersecurity, which is, to react, largely, to attacks and not engage in anticipatory or offensive strategies. There is a general lack of attacker-centricity, the characteristics of attackers are seldom incorporated in training to understand these attackers or anticipate their attacks.
Challenge-based leaning is a student-centered pedagogy in which students learn about a subject through the experience of solving an open-ended challenge. Students identify what they need to learn, thus it does not depend on assumptions by the tutor. Some students start with much more basic learning goals than others. This ensures that the learning is relevant to everyone – it starts from students’ current knowledge base.