Learning security through computer games: Studying user behavior in a real-world situation

Abstract

This paper discusses how learning material in the form of computer games in the area of ICT security affect ICT security usage. The findings from a conducted user-study show that computer games can be efficient learning environments when using security tools in terms of accessibility, safety, and speed. By replicating an earlier usability study, in which the participants utilised security tools to send and receive encrypted emails, the practical consequences of learning via a Game-Based Instruction were evaluated; the findings show that none of the participants who were given the chosen computer game as an instruction before the actual assignment did make any serious error when applying their security knowledge in contrast to the participants who did not receive any instruction in forehand. They also finished the assignment faster than the corresponding participants. To be able to evaluate the "practical knowledge" acquired, a model for Vital Security Functions was created that allows for comparison of security usage between high-level security applications. © 2007 International Federation for Information Processing.