This is an example of how game elements can be applied in learning, in this case Internet Security and Privacy training.
Note: The above image has been substituted to protect client confidentiality. The original training had a cartoon-ish quality but as demonstrated with this particular image, it needn’t be. In fact, there is value in a more realistic look/feel.
The Training Approach
We can’t give away all our secrets, so you’ll need to use your imagination with this example. City landscapes make realistic backdrops for the many security and privacy risks that we encounter on a daily basis. A game concept we’ve found works well is to have the Learner ‘zoom in’ to experience a variety of risky situations in different locations around the city. Each risk can be identified with a map marker or target and when selected, a brief video launches. The effect of the video is to put the Learner directly in the ‘scene’. The Learner must determine how to respond to the risk and points are either awarded or deducted, based on the actions they take. In this way, their actions have consequences e.g., if a threat hasn’t been eliminated, it still exists.
Some Additional Effects:
1. Risk Locations:
We placed several ‘risks’ (security/privacy threats) across the city, some were within an office setting but many were outside of the office e.g. residential homes, cafe/restaurant, parked car, and airport. Each represented a unique area of concern for our stakeholders.
2. Risk Identification:
Each risk within the city was identified with a “riskmeter”. On hover of the riskmeter, a quick summary of the risk was displayed, including the associated points.
To give a spy-like quality, we used a cross-hair symbol to mark the location of the cursor. As the target (cross-hair) is moved around the city, the backdrop is magnified, showing the finer details of the landscape.
A scoreboard was included to tabulate points and a minimum pass score was set. Learners were required to respond to a set amount of risks and if required, remained ‘in the game’ (to complete bonus risks) to supplement their score.
In addition to points, feedback was displayed as Learners responded to each risk. In keeping with the risk/spy theme, it was presented as a ‘debrief’.
Key security and privacy risks were effectively addressed in this training, using game elements (gamification). Since it was entirely behavioural, there was no need to include additional quizzes or a post-training test. Essentially, ‘the game’ was the best assessment of how individuals would respond to security/privacy risks. The ‘learning’ came in the process of responding to the risks.