TY - JOUR A1 - Roepke, Rene A1 - Köhler, Klemens A1 - Drury, Vincent A1 - Schroeder, Ulrik A1 - Wolf, Martin A1 - Meyer, Ulrike T1 - A pond full of phishing games - analysis of learning games for anti-phishing education JF - Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020 N2 - Game-based learning is a promising approach to anti-phishing education, as it fosters motivation and can help reduce the perceived difficulty of the educational material. Over the years, several prototypes for game-based applications have been proposed, that follow different approaches in content selection, presentation, and game mechanics. In this paper, a literature and product review of existing learning games is presented. Based on research papers and accessible applications, an in-depth analysis was conducted, encompassing target groups, educational contexts, learning goals based on Bloom’s Revised Taxonomy, and learning content. As a result of this review, we created the publications on games (POG) data set for the domain of anti-phishing education. While there are games that can convey factual and conceptual knowledge, we find that most games are either unavailable, fail to convey procedural knowledge or lack technical depth. Thus, we identify potential areas of improvement for games suitable for end-users in informal learning contexts. Y1 - 2020 SN - 978-3-030-62433-0 U6 - http://dx.doi.org/10.1007/978-3-030-62433-0_32020 N1 - Lecture Notes in Computer Science, vol 12512 SP - 41 EP - 60 PB - Springer CY - Cham ER - TY - JOUR A1 - Köhler, Klemens A1 - Wolf, Martin T1 - Organisatorische Maßnahmen zu Erhöhung der IT Sicherheit – Empfehlungen aus der Perspektive der Konflikttheorie N2 - Die NATO definiert den Cyberspace als die "Umgebung, die durch physische und nicht-physische Bestandteile zum Speichern, Ändern, und Austauschen von Daten mit Hilfe von Computer-Netzwerken" [NATO CCDCOE]. Darüber hinaus ist es ein Medium menschlicher Interaktion. IT Angriffe sind feindselige, nichtkooperative Interaktionen, die mittels Konflikttheorie beschrieben werden können. Durch die Anwendung dieses Gedankengebäudes auf IT Sicherheit von Organisationen können eine Reihe von Verbesserungen in Unternehmen identifiziert werden. Y1 - 2020 IS - Preprint ER - TY - JOUR A1 - Köhler, Klemens T1 - A conflict theory perspective of IT attacks – consequences for IT security education N2 - Cyberspace is "the environment formed by physical and non-physical components to store, modify, and exchange data using computer networks" (NATO CCDCOE). Beyond that, it is an environment where people interact. IT attacks are hostile, non-cooperative interactions that can be described with conflict theory. Applying conflict theory to IT security leads to different objectives for end-user education, requiring different formats like agency-based competence developing games. Y1 - 2020 IS - Preprint ER - TY - JOUR A1 - Köhler, Klemens A1 - Röpke, René A1 - Wolf, Martin T1 - Through a mirror darkly – On the obscurity of teaching goals in game-based learning in IT security JF - ISAGA 2019: Simulation Gaming Through Times and Disciplines N2 - Teachers and instructors use very specific language communicating teaching goals. The most widely used frameworks of common reference are the Bloom’s Taxonomy and the Revised Bloom’s Taxonomy. The latter provides distinction of 209 different teaching goals which are connected to methods. In Competence Developing Games (CDGs - serious games to convey knowledge) and in IT security education, a two- or three level typology exists, reducing possible learning outcomes to awareness, training, and education. This study explores whether this much simpler framework succeeds in achieving the same range of learning outcomes. Method wise a keyword analysis was conducted. The results were threefold: 1. The words used to describe teaching goals in CDGs on IT security education do not reflect the whole range of learning outcomes. 2. The word choice is nevertheless different from common language, indicating an intentional use of language. 3. IT security CDGs use different sets of terms to describe learning outcomes, depending on whether they are awareness, training, or education games. The interpretation of the findings is that the reduction to just three types of CDGs reduces the capacity to communicate and think about learning outcomes and consequently reduces the outcomes that are intentionally achieved. KW - IT security education KW - Competence Developing Games KW - Game-based learning KW - Keyword analysis KW - Bloom’s Taxonomy Y1 - 2021 U6 - http://dx.doi.org/10.1007/978-3-030-72132-9_6 N1 - ISAGA 2019 - International Simulation and Gaming Association Conference. 26-30 August 2019. Warsaw, Poland. Part of the Lecture Notes in Computer Science book series (LNCS, volume 11988) SP - 61 EP - 73 PB - Springer CY - Cham ER -