A Design Theory-Based Gamification Approach for Information Security Training

Abstract

This study reviews previous information security (InfoSec) training studies and identifies three significant gaps. They are (1) lacking pedagogical theories developed specifically in IS training context, therefore, lacking appropriate pedagogical theory-based training approaches; (2) ineffectiveness of InfoSec training delivery methods due to unengaging, non-authentic security risks and training activities; and (3) and lacking an effective way of measuring effectiveness of InfoSec training. The paper proposes employing design theory as the theoretical basis for InfoSec training, and gamification as the main training and testing method to overcome these gaps. We argue that the design theory for InfoSec training associated with gamification can improve learning results for training and effectiveness testing through providing a joyful, realistic and interactive training. An action research is proposed to further evaluate the effectiveness of the approach.