Provoking Interest in Cybersecurity Using Physical Games
摘要
The paper is based upon the need to increase cybersecurity awareness amongst the general user community; an audience for whom the default position is often limited in terms of interest and engagement. Existing awareness approaches (e.g., online courses, informational materials, etc.) are mainly solitary activities, and tend to generate limited and short-lived engagement, particularly for general or non-specialist audiences. However, technology users of all guises need to be encouraged towards baseline cybersecurity literacy, which includes appreciation of basic threats and safeguards. This paper proposes and describes novel approaches to cybersecurity awareness via two new physical-format games. These games employ familiar mechanics: dice rolls and push-your-luck on one hand, and visual recognition and quick reflexes on the other. The rules are simple, and the themes aim to engage players with core cybersecurity concepts such as assets, threats, and defences, and how these concepts interact. Both games are intended at provoking interest, curiosity and discussion in a low-stakes, social context, rather than delivering formal instruction. The discussion details the design rationale of the two games, and discusses findings from user testing sessions. Results indicate that the games are fun, and deemed effective at encouraging conversation and building positive associations with cybersecurity topics.