The objective of this project is the design, creation, evaluation, and dissemination of a customizable, non-digital card game for teaching computer security concepts to first- and second-year undergraduate students. The creation of the game is motivated by a need to heighten the understanding and awareness of computer security and privacy in an ever-increasing digital world, to act as a gateway to future education and careers in computer science, and to generally promote interest in science, technology, engineering and mathematics (STEM) disciplines. The project explores novel and creative ways to incorporate cyber-security games into existing curricula across a wide variety of disciplines, in particular, traditionally non-STEM and introductory courses. The project designs games with simple mechanics but that teach complex ideas and substantial security principles, which allow essential issues to be communicated to students of diverse backgrounds, especially those students typically under-represented in science, technology, engineering and mathematics. In particular, the games are designed to engage students with low computer literacy, to dispel the myth that computer science is a solitary or isolating pursuit, and to be deployed at schools with little funding or support for IT resources. Games and course materials are disseminated though printed samples, a project web site, presentations at professional conferences, and at a local workshop the site will host. This project involves the participation of Hartnell Community College.
The portion of this grant overseen by CSUMB was used to fund the 2014 USENIX Summit on Gaming, Games and Gamification in Security Education (www.usenix.org/conference/3gse14). There is a growing need to train both students and industry professionals in cutting edge security practices. As more of our day to day lives moves into the digital realm, so does our sensitive data – it seems like almost daily we hear of another major data breach. Having technical professionals that can predict and counteract malicious attacks on digital resources is increasingly important. Despite this need, it has been hard to convince students to study security and to make the material engaging to those needing retraining. One method for increasing both engagement with and results from security training is to incorporate principles of game play and gamification. While gamification is a large area of current research, there is a much smaller subcommunity looking at how to apply the principles of gamification specifically to the teaching of security. This workshop was organized to bring together industry and academic researchers in this area to share ideas and to distribute prototype games. In order to reach the largest possible audience, this workshop was cohosted with USENIX, one of the largest security conferences. It was hoped that security experts not currently involved in education efforts might attend the workshop and offer new insights or new perspectives on existing efforts. The workshop was very successful. 37 attendees, including 8 students discussed 11 papers and examined multiple prototype security games. The community was active on Twitter where reactions can be found by searching the #3gse hashtag (example: "Lots of incredible talent in the room at #3GSE. I am humbled and glad I came"). The funds from NSF provided for workshop organization and also for four undergraduate students to travel to the conference to participate. For all four students it was their first opportunity to attend a scientific conference. As part of their attendance, the students also volunteered in the workshop sessions. Summaries written by the students will be published in the USENIX login magazine. They came back excited about computer science, and more engaged than ever with the topic of security. Several of them even mentioned that they were going to start a security club to participate in competitions. All the students were incredibly thankful of the opportunity and made the most of their time at the conference by attending multiple sessions and participating fully. The program for the conference as well as videos for all the talks are available on the conference web site: www.usenix.org/conference/3gse14. All workshop sessions and papers are available online as open-access publications. These efforts were enabled by NSF funding and help to widen the impact of the workshop into the future.
