Scenarios Development for the “CyberGuardian” Cybersecurity Management Serious Game

Effective cybersecurity management protects companies and individuals from financial and reputational harm in the digital world. Nevertheless, a global shortage of cybersecurity professionals increases vulnerability to cyberattacks. Swiss universities are tasked with integrating lesser-covered cybersecurity topics into their curricula to meet the demands of a fast-evolving technology landscape. Innovative teaching methods, such as serious games, enhance traditional curricula by improving academic results and engaging students more effectively.

Portmann, Sabina, 2024

Type of Thesis Master Thesis
Client
Supervisor Scherb, Christopher, Grieder, Hermann
Views: 4 - Downloads: 1
This thesis aims to develop serious game scenarios that train undergraduates in practical cybersecurity management skills. The scenarios are created based on an “Information Security System Manager” role defined by the National Initiative for Cybersecurity (NICE). Furthermore, the scenarios are structured in accordance with the National Institute of Standards and Technology (NIST) phases, which are identify, protect, detect, respond and recover.
This research follows the design science research methodology, which involves a systematic literature review and market analysis of existing serious games. In addition, the developed scenarios were then tested through two cycles of academic and professional expert interviews to evaluate the educational and practical effectiveness of the game concept.
The findings show that well-designed game scenarios can contribute to training undergraduates in cybersecurity management. The literature review showed that there are currently no serious games that specifically target cybersecurity management. There is a lack of evidence about which game elements are most useful in this context. Additionally, a comparison of the NICE and ECSF frameworks identified important skills for cybersecurity management roles, including risk assessment, network security, and response strategies. The validation process indicated that experts responded favourably to the game concept's ability to teach cybersecurity management topics engagingly and interactively. The validation revealed that experts believed the game effectively communicated critical cybersecurity management concepts. Experts observed that the game introduced students to important tasks such as identifying security vulnerabilities, implementing safeguards, and responding to cyber incidents. They noted that the game's realistic scenarios allowed students to practice decision-making in a safe environment. Experts also mentioned that the interactive format could keep students engaged and help them deepen their understanding. A serious game can facilitate students' comprehension of theoretical concepts while allowing them to practise in a secure environment and enhance their awareness of cybersecurity management topics. Future research should concentrate on optimising the game concept, including a detailed elaboration of each scenario and exploration of didactic implementations, followed by developing and testing a prototype to assess its suitability.
Studyprogram: Business Information Systems (Master)
Keywords Serious Games, Scenario Development, Cybersecurity Management, NICE, NIST, Higher Education, Universities, Undergraduates, Students
Confidentiality: öffentlich
Type of Thesis
Master Thesis
Authors
Portmann, Sabina
Supervisor
Scherb, Christopher, Grieder, Hermann
Publication Year
2024
Thesis Language
English
Confidentiality
Public
Studyprogram
Business Information Systems (Master)
Location
Olten
Keywords
Serious Games, Scenario Development, Cybersecurity Management, NICE, NIST, Higher Education, Universities, Undergraduates, Students