Analysis of Gamification in Cybersecurity Education for Students: A Systematic Literature Review
DOI:
https://doi.org/10.30983/educative.v8i2.7513Keywords:
CIA Triad, Gamification, Cybersecurity, Cybersecurity Education, Systematic Literature ReviewAbstract
The increasingly complex digital era requires a deeper comprehension of cybersecurity threats, particularly in educational settings. The imperative to establish an interactive and adaptive learning environment, responsive to technological advancements, makes the adoption of gamification elements as an innovative method to heighten student involvement and deliver crucial knowledge in the context of cybersecurity. To tackle these challenges, this research outlines the cause-and-effect relationships, focusing on the connection between the evolution of cybersecurity knowledge areas and gamification elements found in earlier literature. By specifying the components of the CIA Triad—Confidentiality, Integrity, and Availability—this study establishes a strong foundation for investigating how gamification elements can harmonize with the cybersecurity requirements in this digital era. The research utilizes a systematic literature review method based on inclusion and exclusion criteria, the research identifies 13 Google Scholar-indexed articles published between 2018 and 2023. These findings reveal a correlation between gamification elements and the CIA Triad aspects, along with Venn diagrams in recent cyber threats and attacks. This offers a foundation for the development of more potent pedagogical approaches in delivering cybersecurity materials to the generation maturing in this digital era.
Era digital yang semakin kompleks menuntut pemahaman yang lebih mendalam terhadap ancaman keamanan siber, khususnya di lingkungan pendidikan. Adapun kebutuhan untuk menciptakan lingkungan pembelajaran yang menarik dan responsif terhadap perkembangan teknologi informasi mendorong penerapan elemen-elemen gamifikasi sebagai metode inovatif yang dapat meningkatkan keterlibatan siswa dan menyampaikan pengetahuan krusial dalam konteks keamanan siber. Dalam rangka mengatasi tantangan ini, penelitian ini menjelaskan secara rinci pola sebab dan akibat, dengan fokus pada korelasi antara pengembangan area wawasan keamanan siber dengan elemen-elemen gamifikasi dalam literatur terdahulu. Dengan merinci aspek-aspek CIA Triad, yakni Confidentiality, Integrity, dan Availability, penelitian ini menciptakan dasar yang kuat untuk mengeksplorasi bagaimana elemen-elemen gamifikasi dapat menyelaraskan diri dengan kebutuhan keamanan siber di era digital ini. Penelitian ini menggunakan metode systematic literature review berdasarkan kriteria inklusi dan eksklusi, menghasilkan 13 artikel terindeks Google Scholar yang diterbitkan di tahun 2018-2023. Hasil penelitian menunjukkan adanya korelasi antara elemen-elemen gamifikasi dan aspek CIA Triad, serta diagram venn yang mengilustrasikan kesesuaian elemen gamifikasi dengan aspek CIA Triad pada ancaman dan serangan siber terbaru sehingga dapat memberikan landasan untuk pengembangan pedagogi yang lebih efektif dalam menyampaikan materi keamanan siber kepada generasi yang tumbuh dalam era digital ini.
References
Books
Bell, David, An Introduction to Cybercultures (Routledge, 2006)
Kapp, Karl M., The Gamification of Learning and Instruction: Game-Based Methods and Strategies for Training and Education (John Wiley & Sons, 2012)
Keen, Andrew, The Internet Is Not the Answer (Atlantic Books Ltd, 2015)
Riyanarto Sarno, Irsyat Iffano, Sistem Manajemen Keamanan Informasi (Surabaya: ITS Press, 2009)
Werbach, Kevin, and Dan Hunter, ‘For the Win: How Game Thinking Can Revolutionize Your Business: 9781613630235: Amazon.Com: Books’, Universadad de Pensylvania, 2012, 146 <https://www.amazon.com/Win-Game-Thinking-Revolutionize-Business/dp/1613630239/ref=pd_sim_14_3?_encoding=UTF8&psc=1&refRID=4FRM3MYBDM74G24R5R8Q>
Journals
Abu, Md Sahrom, Siti Rahayu Selamat, Aswami Ariffin, and Robiah Yusof, ‘Cyber Threat Intelligence – Issue and Challenges’, Indonesian Journal of Electrical Engineering and Computer Science, 10.1 (2018), 371–79 <https://doi.org/10.11591/ijeecs.v10.i1.pp371-379>
Akiyama, Mitsuaki, Takeshi Yagi, and Kazufumi Aoki, ‘For Observing Web-Based Attack Cycle’, 2013, 223–43
Alothman, Basil, Khaznah Al-Khulifa, Reem Al-Shammari, Chibli Joumaa, and Murad Khan, ‘Towards Enhancing Cyber Security Awareness Using Gamification Escape Room’, International Conference on Ubiquitous and Future Networks, ICUFN, 2023-July (2023), 828–30 <https://doi.org/10.1109/ICUFN57995.2023.10199673>
Arachchilage, Nalin Asanka Gamagedara, and Mumtaz Abdul Hameed, ‘Integrating Self-Efficacy into a Gamified Approach to Thwart Phishing Attacks’, 2017 <http://arxiv.org/abs/1706.07748>
Bellekens, Xavier, Gayan Jayasekara, Hanan Hindy, Miroslav Bures, David Brosset, Christos Tachtatzis, and others, From Cyber-Security Deception to Manipulation and Gratification Through Gamification, Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Springer International Publishing, 2019), 11594 LNCS <https://doi.org/10.1007/978-3-030-22351-9_7>
Benedikt, Michael, ‘Introduction to Cyberspace: First Steps’, Cyberspace: First Steps, 1991, 458 <https://archive.org/details/CyberspaceFirstSteps/mode/2up>
Brady, Callum, and Andrew M’Manga, ‘Gamification of Cyber Security Training-EnsureSecure’, Proceedings - 2022 IEEE International Conference on e-Business Engineering, ICEBE 2022, 2022, 7–12 <https://doi.org/10.1109/ICEBE55470.2022.00010>
Broholm, Rasmus, Michael Christensen, and Lene Tolstrup Sorensen, ‘Exploring Gamification Elements to Enhance User Motivation in a Cyber Security Learning Platform Through Focus Group Interviews’, Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022, 2022, 470–76 <https://doi.org/10.1109/EuroSPW55150.2022.00056>
Continella, Andrea, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, and others, ‘ShieldFS: A Self-Healing, Ransomware-Aware File System’, ACM International Conference Proceeding Series, 5-9-Decemb (2016), 336–47 <https://doi.org/10.1145/2991079.2991110>
DeCarlo, Sean M, ‘Measuring the Application of Knowledge Gained from the Gamification of Cybersecurity Training in Healthcare’, May, 2020, 90 <https://search.proquest.com/docview/2461612243/abstract/C50CBA5A6DB14D3CPQ/1%0Ahttps://media.proquest.com/media/hms/PFT/2/9z0ZH?cit%3Aauth=DeCarlo%2C+Sean+M.&cit%3Atitle=Measuring+the+Application+of+Knowledge+Gained+from+the+Gamification+...&cit%3Apub=Pro>
Diakoumakos, Jason, Evangelos Chaskos, Nicholas Kolokotronis, and George Lepouras, ‘Cyber-Range Federation and Cyber-Security Games: A Gamification Scoring Model’, Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021, 2021, 186–91 <https://doi.org/10.1109/CSR51186.2021.9527972>
Fatokun Faith, B., Zalizah Awang Long, Suraya Hamid, O. Fatokun Johnson, Christopher Ifeanyi Eke, and Azah Norman, ‘An Intelligent Gamification Tool to Boost Young Kids Cybersecurity Knowledge on FB Messenger’, Proceedings of the 2022 16th International Conference on Ubiquitous Information Management and Communication, IMCOM 2022, 2022 <https://doi.org/10.1109/IMCOM53663.2022.9721733>
Ferreira, Ana, ‘Why Ransomware Needs A Human Touch’, Proceedings - International Carnahan Conference on Security Technology, 2018-Octob (2018), 1–5 <https://doi.org/10.1109/CCST.2018.8585650>
Fleischman, Katja, and Ellen Ariel, ‘Gamification in Science Education: Gamifying Learning of Microscopic Processes in the Laboratory’, Contemporary Educational Technology, 7.2 (2020), 138–59 <https://doi.org/10.30935/cedtech/6168>
Gabriel˙e Kvietinskait˙e, Linas Bukauskas, and Virgilijus Krinickij, ‘Cyber Security Table-Top Exercise Gamification with Dynamic Scenario for Qualification Assessment’, Springer, 1654 (2022), 54–62 <https://doi.org/https://doi.org/10.1007/978-3-031-19679-9_8>
Gadre, Monica, ‘Data Security in Cloud Security Attacks and Preventive Measures’, International Journal for Research in Applied Science and Engineering Technology, 6.3 (2018), 529–36 <https://doi.org/10.22214/ijraset.2018.3085>
Gjertsen, Eyvind Garder B., Erlend Andreas Gjære, Maria Bartnes, and Waldo Rocha Flores, ‘Gamification of Information Security Awareness and Training’, ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy, 2017-Janua.January (2017), 59–70 <https://doi.org/10.5220/0006128500590070>
Hamdan, Zainab, Iman Obaid, Asma Ali, Hanan Hussain, Amala V. Rajan, and Jinesh Ahamed, ‘Protecting Teenagers from Potential Internet Security Threats’, Proceedings of the 2013 International Conference on Current Trends in Information Technology, CTIT 2013, 2013, 143–52 <https://doi.org/10.1109/CTIT.2013.6749493>
Harilal, Athul, Flavio Toffalini, Ivan Homoliak, John Castellanos, Juan Guarnizo, Soumik Mondal, and others, ‘The Wolf of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition’, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 9.1 (2018), 54–85 <https://doi.org/10.22667/JOWUA.2018.03.31.054>
Hartwig, Katrin, Atlas Englisch, Jan Pelle Thomson, and Christian Reuter, ‘Finding Secret Treasure? Improving Memorized Secrets through Gamification’, ACM International Conference Proceeding Series, 2021, 105–17 <https://doi.org/10.1145/3481357.3481509>
Höltervennhoff, Sandra, and Nicolas Huaman, ‘“ Would You Give the Same Priority to the Bank and a Game ? I Do Not !†Exploring Credential Management Strategies and Obstacles during Password Manager Setup This Paper Is Included in the Proceedings of the Nineteenth Symposium on Usable Privacy and Secu’, 2023
Indrajit, R E, ‘Enam Aspek Menjaga Dan Melindungi Dunia Maya’, … (Internet and Infrastructure/Coordination Center) …, 2017 <https://www.academia.edu/download/33264299/Aspek_menjaga_dan_melindungi_dunia_maya.pdf>
Kim, Jung Tae, and Won Hyung Lee, ‘Dynamical Model for Gamification of Learning (DMGL)’, Multimedia Tools and Applications, 74.19 (2015), 8483–93 <https://doi.org/10.1007/s11042-013-1612-8>
Kuzlu, Murat, Corinne Fair, and Ozgur Guler, ‘Role of Artificial Intelligence in the Internet of Things (IoT) Cybersecurity’, Discover Internet of Things, 1.1 (2021) <https://doi.org/10.1007/s43926-020-00001-4>
Lika, Reyner Aranta, Danushyaa Murugiah, Sarfraz Nawaz Brohi, and Daksha A.P.V. Ramasamy, ‘NotPetya: Cyber Attack Prevention through Awareness via Gamification’, 2018 International Conference on Smart Computing and Electronic Enterprise, ICSCEE 2018, 2018, 1–6 <https://doi.org/10.1109/ICSCEE.2018.8538431>
Matovu, Richard, Joshua C. Nwokeji, Terry Holmes, and Tajmilur Rahman, ‘Teaching and Learning Cybersecurity Awareness with Gamification in Smaller Universities and Colleges’, Proceedings - Frontiers in Education Conference, FIE, 2022-Octob (2022), 1–9 <https://doi.org/10.1109/FIE56618.2022.9962519>
McClaskey, Tiffany M., ‘Tabletop Exercises: Gamification in Cybersecurity’, ProQuest (Utica University, 2022)
Mclaughlin, Kevin, ‘A Quantitative Study of Learner Choice in Cybersecurity Training: Do They Even Want Gamification?’ (Colorado Technical University, 2023)
Nicho, Mathew, ‘Gam-Apt: A Serious Game Attribute Taxonomy for Advanced Persistent Threats’, section V, 2020, 61–68 <https://doi.org/10.33965/ac2020_202013l008>
Nikander, Jussi, Onni Manninen, and Mikko Laajalahti, ‘Requirements for Cybersecurity in Agricultural Communication Networks’, Computers and Electronics in Agriculture, 179.September (2020), 105776 <https://doi.org/10.1016/j.compag.2020.105776>
Ntsama, JE, C Fachkha, and PB Owomo, ‘A Gamification Architecture to Enhance Phishing Awareness’, Researchgate.Net, September, 2023 <https://www.researchgate.net/profile/Claude-Fachkha-2/publication/374053419_A_Gamification_Architecture_to_Enhance_Phishing_Awareness/links/650afbb8c05e6d1b1c1ef6b0/A-Gamification-Architecture-to-Enhance-Phishing-Awareness.pdf>
Nurhasanah, Nurhasanah, and Indra Rahmatullah, ‘Financial Technology and the Legal Protection of Personal Data: The Case of Malaysia and Indonesia’, Al-Risalah: Forum Kajian Hukum Dan Sosial Kemasyarakatan, 20.2 (2020), 197–214 <https://doi.org/10.30631/al-risalah.v20i2.602>
Paryati, ‘Keamanan Sistem Informasi’, Seminar Nasional Informatika 2008 (SemnasIF 2008) UPN ‘Veteran’ Yogyakarta, 24 Mei 2008, 2008.semnasIF (2008), 379–86
Patel, Raj Kumar, Dr. Lalan Kumar Singh, and Dr. Narendra Kumar, ‘Literature Review of Distributed: Denial of Service Attack Protection’, International Journal for Research in Applied Science and Engineering Technology, 11.1 (2023), 1032–36 <https://doi.org/10.22214/ijraset.2023.48673>
Pawar, Mohan V., and J. Anuradha, ‘Network Security and Types of Attacks in Network’, Procedia Computer Science, 48.C (2015), 503–6 <https://doi.org/10.1016/j.procs.2015.04.126>
Priya, P Mohana, and Abhijit Ranganathan, ‘Cyber Awareness Learning Imitation Environment (CALIE): A Card Game to Provide Cyber Security Awareness for Various Group of Practitioners’, International Journal of Advanced Networking and Applications, 14.2 (2022), 5334–41 <http://0-search.proquest.com.www.elgar.govt.nz/scholarly-journals/cyber-awareness-learning-imitation-environment/docview/2734720451/se-2%0Ahttps://media.proquest.com/media/hms/PFT/1/fjIwP?_a=ChgyMDIyMTExNjE2NTQyMTYyMzoxMTc1NzcSBTU3MDYyGgpPTkVfU0VBUkNIIgwx>
Qusa, Hani, and Jumana Tarazi, ‘Cyber-Hero: A Gamification Framework for Cyber Security Awareness for High Schools Students’, 2021 IEEE 11th Annual Computing and Communication Workshop and Conference, CCWC 2021, 2021, 677–82 <https://doi.org/10.1109/CCWC51732.2021.9375847>
Ricoy, MarÃa Carmen, and Cristina Sánchez-MartÃnez, ‘Raising Ecological Awareness and Digital Literacy in Primary School Children through Gamification’, International Journal of Environmental Research and Public Health, 19.3 (2022) <https://doi.org/10.3390/ijerph19031149>
Robson, Karen, Kirk Plangger, Jan H. Kietzmann, Ian McCarthy, and Leyland Pitt, ‘Is It All a Game? Understanding the Principles of Gamification’, Business Horizons, 58.4 (2015), 411–20 <https://doi.org/10.1016/j.bushor.2015.03.006>
Routray, Siddharth, Debachudamani Prusti, and Santanu Kumar Rath, Ransomware Attack Detection by Applying Machine Learning Techniques, Lecture Notes in Electrical Engineering (Springer Nature Singapore, 2023), 997 LNEE <https://doi.org/10.1007/978-981-99-0085-5_62>
Schole, Sam, and Lynsay A Shepherd, ‘Gami Fi Cation Techniques for Raising Cyber Security Awareness’, 2019, 191–203 <https://doi.org/10.1007/978-3-030-22351-9>
Sugianti, Nadila, Yayang Galuh, Salma Fatia, and Khadijah Fahmi Hayati Holle, ‘Deteksi Serangan Distributed Denia of Services (DDOS) Berbasis HTTP Menggunakan Metode Fuzzy Sugeno’, JISKA (Jurnal Informatika Sunan Kalijaga), 4.3 (2020), 18 <https://doi.org/10.14421/jiska.2020.43-03>
Sumra, Irshad Ahmed, Halabi Bin Hasbullah, and Jamalul Lail Bin AbManan, ‘Attacks on Security Goals (Confidentiality, Integrity, Availability) in VANET: A Survey’, Advances in Intelligent Systems and Computing, 306.June 2014 (2015), 51–61 <https://doi.org/10.1007/978-981-287-158-9_5>
Tchakounté, Franklin, Leonel Kanmogne Wabo, and Marcellin Atemkeng, ‘A Review of Gamification Applied to Phishing’, March, 2020, 1–26 <https://doi.org/10.20944/preprints202003.0139.v1>
Ullah, Subhan, Tahir Ahmad, Rizwan Ahmad, and Mudassar Aslam, ‘Prevention of Cryptojacking Attacks in Business and FinTech Applications’, Handbook of Research on Cybersecurity Issues and Challenges for Business and FinTech Applications, 2022, 266–87 <https://doi.org/10.4018/978-1-6684-5284-4.ch014>
Vekaria, Komal Bhupendra, Prasad Calyam, Songjie Wang, Ramya Payyavula, Matthew Rockey, and Nafis Ahmed, ‘Cyber Range for Research-Inspired Learning of “Attack Defense by Pretense†Principle and Practice’, IEEE Transactions on Learning Technologies, 14.3 (2021), 322–37 <https://doi.org/10.1109/TLT.2021.3091904>
Wahyudin, Yudin, and Dhian Nur Rahayu, ‘Analisis Metode Pengembangan Sistem Informasi Berbasis Website: A Literatur Review’, Jurnal Interkom: Jurnal Publikasi Ilmiah Bidang Teknologi Informasi Dan Komunikasi, 15.3 (2020), 26–40 <https://doi.org/10.35969/interkom.v15i3.74>
Wang, Qing, Zhenyu Chen, Junjie Wang, and Yang Feng, Intelligent Crowdsourced Testing, Intelligent Crowdsourced Testing, 2022 <https://doi.org/10.1007/978-981-16-9643-5>
Wijaya, William, Intan Farahana Kamsin, Zety Marlia, Zainal Abidin, Hemalata Vasudavan, Bukit Jalil, and others, ‘Gamified Tailored Roleplay Story-Based Phishing Awareness Training’, International Journal of Data Science and Advanced Analytics, 4 (2018), 146–53
Wojcicki, Natasha M, ‘Phishing Attacks: Preying on Human Psychology to Beat the System and Developing Cybersecurity Protections to Reduce the Risks.’, World Libraries, 23.1 (2019), 1–14 <https://widgets.ebscohost.com/prod/customerspecific/ns000545/customproxy.php?url=https://search.ebscohost.com/login.aspx?direct=true&db=lxh&AN=143379093&%0Alang=pt-pt&site=eds-live&scope=site>
Ypsilanti, Antonia, Ana B. Vivas, Teppo Räisänen, Matti Viitala, Tuula Ijäs, and Donald Ropes, ‘Are Serious Video Games Something More than a Game? A Review on the Effectiveness of Serious Games to Facilitate Intergenerational Learning’, Education and Information Technologies, 19.3 (2014), 515–29 <https://doi.org/10.1007/s10639-014-9325-9>
Yunus, Crystal Callista Anak, and Tan Kim Hua, ‘Exploring a Gamified Learning Tool in the ESL Classroom: The Case of Quizizz’, Journal of Education and E-Learning Research, 8.1 (2021), 103–8 <https://doi.org/10.20448/JOURNAL.509.2021.81.103.108>
Zainuddin, Zamzami, Muhammad Shujahat, Hussein Haruna, and Samuel Kai Wah Chu, ‘The Role of Gamified E-Quizzes on Student Learning and Engagement: An Interactive Gamification Solution for a Formative Assessment System’, Computers and Education, 145 (2020), 103729 <https://doi.org/10.1016/j.compedu.2019.103729>
Online References
Informatika, Kementerian Komunikasi dan, ‘Aplikasi Undangan Pernikahan Digital’, 2023 <https://www.kominfo.go.id/content/detail/47121/hoaks-aplikasi-undangan-pernikahan-digital/0/laporan_isu_hoaks> [accessed 5 November 2023]
News, The Hacker, ‘FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies’, 2023 <https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html> [accessed 5 November 2023]
Publik, Biro Hukum dan Komunikasi, ‘Ancaman Siber Makin Kompleks Jelang Pemilu 2024, BSSN Reviu Keamanan Siber Dan Sandi Pada KPUD Sulawesi Utara’, 2023 <https://www.bssn.go.id/ancaman-siber-makin-kompleks-jelang-pemilu-2024-bssn-reviu-keamanan-siber-dan-sandi-pada-kpud-sulawesi-utara/> [accessed 5 November 2023]
———, ‘Terbitkan Annual Report Berisi Prediksi Ancaman Siber 2023, BSSN: Materi Literasi Budaya Keamanan Siber Dan Buktikan Akuntabilitas Kinerja’, 2023 <https://www.bssn.go.id/annualreport2022/> [accessed 5 November 2023]
Downloads
Submitted
Accepted
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).