Learning Security through Computer Games: Studying user behavior in a real-world situation

  • Kjell Näckros
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 237)


This paper discusses how learning material in the form of computer games in the area of ICT security affect ICT security usage. The findings from a conducted user-study show that computer games can be efficient learning environments when using security tools in terms of accessibility, safety, and speed. By replicating an earlier usability study, in which the participants utilised security tools to send and receive encrypted emails, the practical consequences of learning via a Game-Based Instruction were evaluated; the findings show that none of the participants who were given the chosen computer game as an instruction before the actual assignment did make any serious error when applying their security knowledge in contrast to the participants who did not receive any instruction in forehand. They also finished the assignment faster than the corresponding participants. To be able to evaluate the “practical knowledge” acquired, a model for Vital Security Functions was created that allows for comparison of security usage between high-level security applications.


ICT Security Education Game-Based Instruction GBI Computer Games Game-Based Learning GBL Knowledge Vital Security Functions VSF Linear instruction Nonlinear instruction Learning preferences 


  1. [1]
    Yngström, L. (1996) A systemic-holistic approach to academic programmes in IT security. Ph.d. thesis: Report series no. 96-021, issn 1101-8526, isrn su-kth/dsv/r-96/21-se, Stockholm University (SU) / Royal Institute of Technology (KTH).Google Scholar
  2. [2]
    Cohen, F. (1998), “Fred Cohen and associates”,, (Accessed 2 Nov 2006)
  3. [3]
    Näckros, K. (2002), Game-based learning within it security education. In H. Armstrong and L. Yngström, editors, Wise2: Proceedings for the IFIP TC11 WG11.8 Second World Conference on Information Security Education, pages 243–260, Perth, Australia, 2001. School of Computer and Information Science, Edith Cowan University, Perth, Western Australia.Google Scholar
  4. [4]
    Näckros, K. and Yngström L. (2004), Applied holistic approach for security awareness and training. In ISSA2004: Proceedings for the fourth annual conference ISSA in IT Security, Johannesburg, South Africa, 2004.Google Scholar
  5. [5]
    Näckros, K. (2005). Visualising Security through Computer Games: Investigating Game-Based Instruction inICT Security: an Experimental Approach. Ph.d. thesis: Report series no. 05-014, isbn 91-7155-077-1, issn 1101-8526, isrn su-kth/dsv/r-05/14-se, Stockholm University (SU) / Royal Institute of Technology (KTH).Google Scholar
  6. [6]
    Whitten, A. and J. D. Tygar (1998), Usability of security: a case study. Technical Report CMU-CS-98-155, Carnegie Mellon University, Pennsylvania, USA.Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Kjell Näckros
    • 1
  1. 1.The Department of Computer and Systems SciencesStockholm University and Royal Institute of TechnologySweden

Personalised recommendations