Enhancing information security awareness programs through collaborative learning

Abstract

Information security attacks targeting human nature, such as phishing, are rising rapidly. Information security Awareness (ISA) programs have been proven to be valuable proactive measures that increase Return On Investment (ROI) regarding information security enhancement. These programs tend to focus on concepts and technical aspects. Although these customary instruction methodologies have their preferences, trainees can additionally take advantage of educational techniques that are more intuitive and situation driven. This study aims to increase the efficiency of learning in such programmes by using design science to create an artefact for learning and then testing the acquired knowledge. Design science will be used as a research method. The creative method, a brainstorming technique, and five steps in design science are performed: explicate the problem, define requirements, design and develop artefact, demonstrate artefact, and evaluate artefact to develop a process framework to respond to this problem. The problem is explicated with a literature review and the requirements to be met by Game-Based Learning (GBL) are set. The first artefact, which is an interactive book support quizzes, crossword puzzles, multimedia such as video, and “complete the word” simple games that enhance the learning process. The second artefact is a printed board game with hackers and cards with the goal to support the learning process and assess the ability of the participants to respond and take actions based on this new knowledge. At last, limitations that exist in security education such as lack of user-centered modules and limited guidelines from learning theories are elaborated and future work is also presented.