SERIOUS GAMES FOR CYBERSECURITY: EVALUATING A DESIGN FRAMEWORK

Serious games indicate “games that do not have entertainment, enjoyment or fun as their primary purpose” (Kalmpourtzis, 2018). They are incredibly helpful in learning new topics, developing skills, and acquiring new knowledge and can be used in several contexts (health, politics, marketing, etc.). One of the main problems in designing serious games is the lack of models or frameworks able to support it. A framework called “Design Framework for Serious Games”, was developed to face this limitation; it contains various properties that range from design to virtual reality. The goal of the study is to determine whether it is suitable and applicable to serious games concerning cybersecurity that lack virtual reality aspects. More specifically, the framework is composed of five main sections: technology properties, design properties, serious games design properties, immersive properties, and observations, each associated with sub-properties. Technology Properties concern the output and input devices and the integrated development environment (IDE) used to develop the game. Design Properties involve the methodology used when developing the game and the team involved in the process, respectively corresponding to the sections Design Methodology and Design Team. Serious Games Design Properties refer to how the games are built and their characteristics: competition/cooperation mode, mechanics, UI elements, camera model, interaction model, scenario, characters, storyline, and navigation mechanism. Immersion Properties de- scribe the extent to which the games can deliver a vivid illusion of reality to the senses of a human participant. This section is composed of five sub-properties: inclusive, extensive, surrounding, vivid and proprioceptive matching (Slater & Wilbur, 1997). Finally, in the section Observations, the pros, cons, and annotations about the game can be written down. With the aim to assess whether the framework is suitable to the context of cybersecurity educational games, the study maps the framework using fifteen serious games for cybersecurity. The selected games address various branches of the topic, such as threats, types of attacks and defense mechanisms, with the goal of spreading awareness and training novice people to understand the severity and importance of security issues. The mapping brought some interesting results: the framework offers a clear and systematic methodology to examine and evaluate serious games; at the same time, negative aspects were identified, which were subject of review and improvement. A new version of the framework is proposed in which a refinement of each section was performed by adding specialization and further categorization. The removal of some unused or unmappable properties was also carried out.