FUN VIDEO GAMES FOR LEARNING INFORMATION SECURITY

Video games have become a major part of our lives, and are not limited only to teenagers or children, in fact, nowadays most people between ages of 9 and 25 years have played a video game are familiar with it. Many Information Technology (IT) students in general have difficulties in understanding the importance of Information Security, such as securing a network. Traditional security classes are often professor-centered lectures where students learn basic threats and defense mechanisms, without applying this knowledge. In the field of Information Security and Assurance, there is less opportunity for hands-on learning than other areas of Information Technology such as System Analysis and Databases. A professor cannot inject viruses on a network for students to practice removing them. Applying security concepts could result in threats to the university network and/or illegal action. Simulation tools such as virtual networks running in an isolated environment try to address this issue and are successful to some extent. Video games may be simulations that bridge the gap between theory and practice in Information Security, by creating a scenario where the user must react to a series of events and verify the results within a limited time frame. Furthermore, video games offer an interesting and motivating scenario that is student centered. This project proposed creative methods for teaching security to freshmen as well as junior students who are studying Information security courses. The proposed introduces some important concepts and broadens further knowledge in the field.

The main objectives of the project can be listed as:
a) Motivate and enhance learning strategies.
b) Strengthen the knowledge in Information Security.
c) Make education more entertaining.
d) Consume less time when introducing new topics.

The research objective is to simulate information security scenarios using a video game approach. The research focuses on building a series of security games such as, identification of a password and a spam email. The research was developed using Unity 3D Gaming software and C# computer language. Moreover, for the designing part different types of online websites were considered. The first game scenario introduces password concepts. This game highlights the idea of identifying strong passwords from weak in a creative and entertaining manner. The game has four levels; in each level user should identify the strong password from a pool of passwords. For each level, users will have a specific number of passwords that they need to recognize to pass the next level. To make the game more fun, a timer was added to record the time. The second security game addresses several security concepts, such as identifying spam emails and finding network vulnerabilities. Moreover, the game will include information about the topic, so students will learn and enjoy playing. The project can be enhanced in the future by adding more game scenarios about Information Security topics as well as integrating all security games into one interactive product to be used as a mobile learning tool.