
Running head: GAMIFICATION FOR SECURITY TRAINING

Gamification for Security Training

Problem Statement

The number of cyber-attacks on organizations has been increasing rapidly. These attacks can damage an organization's reputation and cause it to lose millions of dollars. Most vulnerabilities, attacks, risks, and viruses result from a lack of security awareness among employees and users (Seaborn & Fels, 2015).

These risks, vulnerabilities, and attacks can be reduced by improving employees' knowledge and skills in strengthening the company's IT infrastructure. For this purpose, organizations can arrange several types of workshops and training sessions related to cyber-security awareness. Many employees, however, show no interest in those workshops and training sessions and are bored by them. Gamification is considered a practice that can boost the investment and engagement level of employees during security awareness training.

Gamification will positively impact the security training offered to employees by increasing their interest and engagement level. The main problem addressed in this research is understanding the impact of gamification on the training sessions offered to employees for improving the security of IT infrastructure.

The present research study is useful for determining the impact of gamification on employees' training sessions for improving the security of IT infrastructure. It would enable organizations to understand the significance of gamification, the possible methods for taking advantage of it, and why it is one of the best approaches for increasing the engagement level and involvement of employees in training sessions.

Many employees have difficulty with, and lack interest and enthusiasm for, the workshops and training sessions arranged by their employers and managers (Alotaibi, Furnell, Stengel, & Papadaki, 2016). Hence, gamification can be a highly effective technique for organizations to increase the interest and engagement level of employees in the offered workshops and training sessions (Baxter, Kip, & Wood, 2016).

Model Diagram

[Figure: model diagram with three elements: Gamification for Security Training, State of Flow, and User Security Compliance]

Literature Review on Information Security Compliance

The 21st century has come with technological advancements that have helped organizations flourish and work faster and more efficiently. There are numerous changes that the corporate world undergoes, and for an organization to stay competitive in the market, it must be able to adapt to the changes that are bound to happen (Desai, 2016). Organizations must be able to learn quickly about the business environment. The business principles change over time, and Information Technology is one of those fields that a company must take a keen interest in.

The changing technological advancements largely include the use of e-commerce, which exposes companies to a higher risk of cybercrime. According to Al-Kalbani (2017), there has been a 38% increase in information technology breaches in a public organization in 2016 compared to 2014. Because of such an increase and the threat of a further surge, companies must design and operate secure electronic systems for the exchange of information and funds. It is fundamental that the security of the information that organizations hold be kept as high as possible. Companies have noticed this and have gone on to adopt security practices that include an information technology security compliance approach to control the proper use of the information they have (Al-Kalbani, 2017). Showing that a company has taken the necessary precautions to protect the information it has is now considered to be an institutional yardstick (Al-Kalbani et al., 2017; Safa et al., 2016).

To secure information of any sort, companies and organizations, including governments, must consider the technical, technological, and non-technical aspects (Al-Kalbani, 2017). As such, the end game is to have a set of rules that must be met to ensure security compliance. In the use of information technology, security compliance refers to the implementation of security practices, policies, and standards that work best to protect the information owned or controlled by a certain organization (Al-Kalbani, 2017; Alfawaz et al., 2010). If a company complies with information security, it can improve the security mechanisms that help safeguard information (Siponen et al., 2010). The compliance approach applied to information technology helps satisfy the trust that the stakeholders have towards the organization (Al-Kalbani, 2017). Therefore, information technology is essential in the development of e-government and other institutions and organizations as well.

As Dimitriadis (2011) describes, information security is "the preservation of confidentiality, integrity, and availability of information." Information cannot be preserved if there is no compliance with the standards that guide its preservation. Over the past decade, there was the notion that information security was a technical matter, and the IT managers were the only ones tasked with the preservation of safety. However, the idea has been changing to include the non-technical part of the organization (Desai, 2016). This has led to the creation of procedures, policies, and awareness programs that help in security compliance. According to Herath and Rao (2009), the failure to prevent security breaches in attacks is a clear sign of a company not complying with the security policies. Research has ascertained that almost half of the security breaches that befall an organization emanate from within the organization (Desai, 2016). This fact places more emphasis on the role that an organization has in stopping security breaches through compliance.

According to Kolkowska and Dhillon (2013), there are two main categories of information security approaches: those that make use of sanctions and the behavioral ones. As such, there are two approaches to security management, which are the individual level and the managerial level of understanding (Flores et al., 2014). This means that an organization's own employees need proper training and awareness so that they do not misuse information. The employees need to understand the consequences of being guilty of a data breach.

There have been theories that help explain organizations' compliance with information security. The institution theory (DiMaggio & Powell, 1983) provides a better understanding of the pressures that force an institution to comply. The theory states that “organizations must secure legitimacy from its stakeholders by conforming to external expectations” (Appari et al., 2009). The legitimacy that an organization seeks can be gained by making strategic responses to the pressures from external entities (Cavusoglu et al., 2015). It is paramount to note that the external influences on the organization and its response to them define how the organization is built and run, and how it can be understood and evaluated (Al-Kalbani et al., 2017).

For an organization to follow security compliance, there must be proper external pressures that force it. The influences include normative, mimetic, and coercive pressures (Cavusoglu, 2015). The coercive pressures are the ones that force an organization to adopt the regulations and practices that help in the protection of the security of information. The demands are mainly from government laws and regulations (Al-Kalbani et al., 2017). The normative pressures are those that stem from the expectations that the community has towards the organization (Appari et al., 2009). Finally, the mimetic pressures originate from the company trying to imitate its peers to gain legitimacy (Safa et al., 2016).

The importance of the pressures to the adoption of security compliance is key to ensuring that the organizations. Since many institutions are using gamification in the training and awareness of their employees, the mimetic pressures play an essential role in increasing the compliance levels of other companies. Bulgurcu (2010) finds that the implementation of information security awareness even helps to increase the belief of employees in security awareness. While the government can create rules and regulations that force organizations to raise information security awareness, it is up to the organizations to choose to use gamification to train their employees.

Literature Review on Gamification for Security Training

Gamification is the method in which the knowledge and experience gained from gaming theory and flow theory are utilized in a non-gaming context. The concept of gamification was implemented for the first time during the Cold War to improve productivity (Alotaibi, Furnell, Stengel, & Papadaki, 2016). Coonradt, in 1984, was an early researcher who applied gamification in the business context to motivate employees through clear goals, frequent feedback, gaming features, and personal choice (Baxter, Kip, & Wood, 2016).

Gamification helps companies increase their employees' engagement level by utilizing several elements of game design (Kanat, Siloju, Raghu, & Vinze, 2013). Previously conducted research studies have suggested that goals, storytelling, rewards, and appreciation are the main aspects of gamification for increasing users' curiosity, interest, and experience of challenge, and so for boosting the engagement level of participants in the offered training sessions and workshops (Seaborn & Fels, 2015).

Gamification is one of the most preferred training methodologies, helping companies to increase the innovation, productivity, knowledge, skills, experience, and learning of their employees and participants (Alomari, Al-Samarraie, & Yousef, 2019). The technique is mainly based on the use of innovative thinking and gaming techniques for non-entertainment purposes, such as improving education and work skills.

Gamification offers its users a large number of benefits: it enables employees to increase their productivity, motivates them to improve their engagement and involvement, encourages them to become more creative in solving problems and addressing them innovatively, and strengthens communication (Pattabiraman, Srinivasan, Swaminathan, & Gupta, 2018).

Gamification helps employers and managers increase employee engagement by introducing several types of innovative dynamics (Mathoosoothenen, Sundaram, Palanichamy, & Brohi, 2017). It has been assumed that companies that use gamification in the training sessions offered to their employees can be more successful in improving the particular skills required of their employees, through the employees' increased interest and involvement in the provided training sessions and workshops (Erenli, 2013). It is also considered a highly useful approach for transmitting a productive and positive corporate image (Alomari, Al-Samarraie, & Yousef, 2019).

To use gamification more effectively, everything should be kept simple, engaging, and entertaining to increase the interest and engagement level of employees. The success of gamification relies mainly on employees' increased involvement, effective gaming techniques and methods, and motivation (Alotaibi, Furnell, Stengel, & Papadaki, 2016). The rewards offered are not considered only pure awards but provide a means of inspiring employees to achieve their potential. A large number of organizations have utilized gamification techniques, such as Google, Starbucks, and Domino's.

When companies use gamification, they work to make existing tasks more innovative and fun, as video games are. The advancement in information technology has contributed greatly to an increase in cybercrime and terrorism, which can have a strong negative impact not only on the reputation of the company but also on the data and information about its employees, its customers, and the organization itself that are stored on the company's servers (Baxter, Kip, & Wood, 2016). The increased numbers of attacks, threats, risks, and vulnerabilities demand that IT companies become more innovative, productive, and reliable (Gonzalez, Llamas, & Ordaz, 2017).

For this purpose, companies need to provide training sessions and workshops to improve their employees' skills and knowledge. To identify and tackle the various attacks, threats, risks, and vulnerabilities, employees should know about IT security so that they can protect their privacy and data from intruders (Erenli, 2013). Employees should also be able to think from the perspective of intruders and act accordingly.

To identify and address cyberattacks effectively, quickly, and without significant loss in terms of finance, customers, and reputation, employees should have up-to-date knowledge, as advancements in technology are taking place at a fast rate (Seaborn & Fels, 2015). Several types of cybercrime can occur and can prove highly harmful. In 2018, in the UK, 79% of companies faced the threat of cyberattacks and had to deal with the consequences of the problems that occurred (Alomari, Al-Samarraie, & Yousef, 2019).

Most people, including the employees of any organization, do not show interest in attending workshops on any topic, even though the workshops play a significant role in enhancing the knowledge of attendees and improving their existing experience and skills regarding the security of IT infrastructure (Luh, Temper, Tjoa, Schrittwieser, & Janicke, 2020). This lack of interest and involvement in the offered training and workshops is a significant problem, which can be solved using gamification techniques (Hart, Margheri, Paci, & Sassone, 2020).

Besides, using gamification to increase the involvement and engagement level of employees is considered very cost-friendly. It can provide a considerable amount of benefit to its users and save them from major problems: when employees lack involvement and engagement in the offered sessions, all the resources the company spent on them, such as cost, time, and place, are wasted (Seaborn & Fels, 2015).

Gamification works on the desire of human beings to win, succeed, and achieve something. It allows employers to offer several types of rewards, such as badges, points, leaderboards, and the ability to trade for a particular kind of prize, to elicit high-quality engagement from employees in the training sessions (Thornton & Francia, 2014). It is also rooted in science, as winning always creates dopamine in human beings' minds. They want to reach the next level and be placed at the top of the leaderboard, doing whatever they can to feel good and have a feeling of pride (Alotaibi, Furnell, Stengel, & Papadaki, 2016).

Besides, rules also have considerable significance: they must be followed to stay in line and to guide decision making. Companies that succeed in implementing and establishing the right standards for information technology security awareness training sessions and programs have more opportunities to extend their programs for long-term benefit (Gonzalez, Llamas, & Ordaz, 2017). All the specified rules, regulations, objectives, and goals of the training need to be clear and straightforward so that they can be modified and adjusted according to changing circumstances and situations (Adams & Makramalla, 2015).

Organizations should not move towards gamification merely because everyone is using it and it sounds trendy and good. It should be implemented when needed and with a particular purpose (Seaborn & Fels, 2015). Every program that contains gamification should have some unique value, and all participants should be made to feel special and interested in learning about cybersecurity for securing the company's IT departments, with the feeling of winning something (Alomari, Al-Samarraie, & Yousef, 2019).

All the gamification content in the training sessions needs to be incorporated in a very transparent manner to obtain a high level of benefit, as it can prove very useful and practical for improving the quality of training sessions and achieving a high level of results (Alotaibi, Furnell, Stengel, & Papadaki, 2016). The success of gamification-based training relies on the program accomplishing its goals without the use of gamification being noticed (Gonzalez, Llamas, & Ordaz, 2017).

It has also been noticed that things that work well for one organization will not necessarily be sufficient for other companies (Seaborn & Fels, 2015). Each company has its own organizational culture and methods of designing training programs because of its unique traits and knowledge (Alomari, Al-Samarraie, & Yousef, 2019). In each training session, human factors are considered to be the weakest element for IT security, as people can make mistakes, and they are also the ones who can make extraordinary efforts to secure the system to a great extent from vulnerabilities, risks, and attacks (Chen, 2015).

Information security compliance has considerable significance for improving the quality of the operations and services offered to customers. When customers feel that their data is not protected and secured by a company, they hesitate to provide their confidential and personal information (Adams & Makramalla, 2015). There are many cases in which organizations have faced major losses in terms of customers and finance because of the loss of information and data through several types of vulnerabilities, breaches, and attacks (Alomari, Al-Samarraie, & Yousef, 2019). For example, in 2013, the data of 153 million Adobe users was compromised, which caused the company to face a $1.1 million legal fee and to pay $1 million to its customers for solving their problems (Swinhoe, 2020).

Also, in 2014, the data of 145 million eBay users was compromised, which caused the company to pay hefty fines and a corresponding amount to its customers to address the financial impact on them (Battaglino, 2019). There are hundreds of examples of small, medium, and large-scale organizations that offer their services by collecting many types of personal and confidential data about their customers and employees, and that have faced losses of millions of dollars, not only in money but also in customers and reputation (Alotaibi, Furnell, Stengel, & Papadaki, 2016). If these organizations had put a strong focus on the improvement of their IT infrastructure and implemented robust security compliance, they could have saved themselves from these significant losses.

Security compliance ensures that the company has taken appropriate security measures to protect its IT infrastructure from several types of attacks, risks, vulnerabilities, and breaches. Several kinds of IT security regulatory compliance can be followed by organizations (Armstrong & Landers, 2017). This compliance can be implemented effectively if all the relevant employees are aware of these practices and have the relevant skills and up-to-date knowledge, which can be provided through training sessions to employees who have problems in these areas.

The offered training sessions can be improved by using gamification, which leads employees to take significant interest and involvement in them. These training sessions can help employees understand updated and highly advanced methods to address these vulnerabilities, attacks, and breaches (Baxter, Kip, & Wood, 2016). Employees can be offered advanced knowledge about several types of IT security regulatory compliance, such as FISMA, HIPAA, the Sarbanes-Oxley Act, and PCI DSS. All these acts work effectively with the collaboration of IT security agencies and the government to secure the confidential and personal data of customers and employees.

FISMA is a United States federal law, passed in 2002, which requires federal agencies to develop, document, and implement effective information security and protection programs. It was made to improve the management of e-government. It is considered to be among the most significant of the rules followed in federal data security standards and guidelines (Gikas, 2010). Its primary purpose is the reduction of security risks to public information and data.

HIPAA (the Health Insurance Portability and Accountability Act) of 1996 was designed to contain comprehensive provisions on the privacy and security of protected health information. Privacy and security are not the same thing, but they always go together. The privacy rules mainly focus on individuals' rights to control their personal information (Edemekong & Haydel, 2019). Under the rules for PHI (Protected Health Information), personal data should not be used or disclosed to any other person without the individual's consent.

The Sarbanes-Oxley Act was passed in 2002 by the US Congress to help protect investors from several types of fraudulent financial activity. It is also called the SOX Act of 2002 and the Corporate Responsibility Act, because it brought several strong reforms to the existing security regulations and introduced new penalties for lawbreakers. The act came about because of financial scandals that occurred in 2000, such as those at Enron Corporation, WorldCom, and Tyco International Plc.

PCI DSS is a set of widely accepted policies used to optimize the protection of debit, credit, and cash card transactions and to protect cardholders from any kind of misuse of their personal and confidential data (Ataya, 2010). It was established in 2004 jointly by four major credit card companies: Visa, Discover, MasterCard, and American Express. All of these acts work effectively with the collaboration of IT security agencies and the government to secure the confidential and personal data of customers and employees.

Companies that do not follow the guidelines, practices, standards, and policies defined by these agencies and the government face large penalties, punishments, and fines, which can cause them major losses in terms of finances and customers. These defined standards help organizations to protect credit card information, email addresses, bank details, etc. (Chen, 2015). For this purpose, it is suggested that organizations offer frequent training sessions to their employees so that they can gain up-to-date knowledge and skills and become aware of the best practices they can use to strengthen their IT infrastructure and ensure IT security compliance (Gonzalez, Llamas, & Ordaz, 2017).

It is suggested that organizations keep offering short training in their meeting sessions to gauge the effectiveness of their employees' existing knowledge; that every 3 months employees be offered a short workshop session to increase awareness; and that training sessions be provided to employees annually, or whenever a new employee joins the company, to make him or her compatible with the requirements of the company (Gonzalez, Llamas, & Ordaz, 2017).

Many large-scale organizations have also become victims of these vulnerabilities, breaches, and attacks because of a lack of implementation of security compliance. For example, in 2014, there was an attack on Yahoo which showed that companies with the latest technologies can also be vulnerable to these problems; the attack succeeded in stealing the records of more than 500 million accounts (Pattabiraman, Srinivasan, Swaminathan, & Gupta, 2018). Besides, there was also a major attack on Marriott Hotels in which the data of more than 500 million customers was stolen.

Hence, if these companies had implemented strong IT security regulatory compliance and followed the practices and standards specified by the country's IT security agencies and government, they could have saved millions of dollars along with their reputation and their customers (Thornton & Francia, 2014). Organizations can enhance their data management capabilities and improve the reputation and market position of the company. Regulatory compliance also helps organizations to promote operational benefits (Gonzalez, Llamas, & Ordaz, 2017).

State of flow in Gamification for Effective Security Training

The theory of flow is considered useful for explaining how gamification can be valuable in improving the learning capabilities and skills of individuals. The main reason for using the theory of flow is that most games are designed to put a strong focus on maintaining a balance between the skills of the learners and the challenges they face. Moreover, individuals who play video games are considered highly efficient, as they can learn and find the easiest ways to reach the state of flow when learning something (Luh, Temper, Tjoa, Schrittwieser, & Janicke, 2020). When an employee feels exhausted and bored with the training sessions, gamification helps them regain their interest and flow in the offered training session.

Gamification is considered highly useful for allowing individuals to keep working on, and taking an interest in, the offered tasks in a flow. Flow helps individuals to work on a particular job in a progression, from the beginner's level to the medium level, and when they become good at all those activities, they are moved to the expert level (Gonzalez, Llamas, & Ordaz, 2017). In the same way, employees are provided with training sessions that progress from beginner-level knowledge to medium and then expert, with the offered activities and training varying accordingly. This helps individuals to develop relevant skills, thinking capabilities, and learning attitudes based on their experience (Erenli, 2013).

Intrinsic motivation plays a major role in flow theory. Intrinsic motivation usually occurs whenever an individual starts participating in behavior that is personally rewarding, not only because of pressure from external factors but also because of the person's own internal drive (Baxter, Kip, & Wood, 2016). Intrinsic motivation occurs when individuals want to explore or learn something new that they have not done before and become more curious about the practical experience of those things (Wolfenden, 2019).

Several research studies have been conducted to understand the effectiveness of the theory of flow. Still, researchers have done very little work on evaluating the efficacy of flow theory in gamification and how the two can be useful in improving the capabilities of working employees (Pattabiraman, Srinivasan, Swaminathan, & Gupta, 2018). Flow theory is considered highly helpful in enhancing the efficiency of the activities and tasks performed using gamification.

According to Cakmak et al. (2015), flow theory addresses how a person engages in an activity that helps improve his or her cognitive skills. The engagement involves the special feeling of a sense of control, being entirely concentrated on the operation performed, enjoying the activity, and having the necessary harmony between the skills and the task completed (Cakmak et al., 2015). Csikszentmihalyi (1990) argues that people can achieve happiness by only controlling how they feel in the inner being. An individual can control his life and live the most enjoyable moments of his life by directing his mind to realistic goals and challenges. Therefore, a person who fully puts his or her focus on the work they do will live the flow experience and will have control over the actions they perform.

According to Csikszentmihalyi (1990), the flow experience is interwoven with positive emotions, intrinsic motivation, high concentration, and a sense of control. It is important to note that individuals mainly experience intrinsic motivation whenever they are doing activities that they are interested in. This intrinsic motivation is a key feature of the flow experience. Therefore, intrinsic motivation is easily achieved if a person performs an activity out of his or her own free will (Cakmak et al., 2015). Certain features are important in determining the flow experience of a person. The eight principles are: a challenging activity that requires skills, the merging of action and awareness, clear goals, direct feedback, concentration on the task at hand, the sense of control, the loss of self-consciousness, and the transformation of time (Chen, 2015; Cakmak et al., 2015).

Flow is primarily based on activities, and the theory argues that healthy persons enjoy their experience during the business without even realizing it (Cakmak et al., 2015). By accumulating the appropriate events to the purpose of their life, a person can achieve the happiness they wish with a sense of control over the activity they perform. Flow theory has been used before in many fields, including sports, positive psychology, marriage, job performance, and distance education (Cakmak et al., 2015). In online games, the creators have mastered the art of ensuring that players achieve the flow experience when playing. This way, video games have infiltrated our daily lives so that every person, young and grown-up, represents video game (Chen, 2015). Game makers ensure that gamers achieve the flow experience by making sure that there is a balance between the challenges that the game provides and the skills of the person playing (Chen, 2015).

To ensure IT security compliance, companies need up-to-date knowledge and skills, which can be achieved by offering several types of training sessions to their workforce. When employees are asked to attend training sessions, they feel bored and lack interest. This can be improved by gamification, in which several types of games and rewards are offered to employees so that they learn the concepts more effectively, maintaining a balance between the employees' interest and their learning capabilities (Baxter, Kip, & Wood, 2016).

Human beings are the key factor both in creating most vulnerabilities, breaches, and attacks and in addressing them. Hence, their training is considered highly influential in any organization, because they are responsible for handling data and IT infrastructure (Ruiz-Alba, Soares, Rodríguez-Molina, & Banoun, 2019). If employees were offered up-to-date knowledge, practices, and experience, they would be able to make high-quality decisions to address problems more effectively, rapidly, and smartly without creating significant issues for the company.

Gamification is a relatively new approach that takes advantage of the video gaming industry to help in training and awareness of information security. The current era is full of online forms, which involve the transfer and storage of information. Using the internet to store and transfer information poses a risk of people hacking in to obtain the information illegally. In some instances, the leakage of information may be unintentional; as Desai (2016) states, almost half of the security breaches that occur in an organization emanate from within the organization. Most of the violations are unintentional and occur because users are not aware of the simple ways in which they can leak information. Therefore, the gamification process uses gaming principles to make training on cybersecurity engaging, entertaining, and informative. This way, employees learn the techniques of stopping leakages and following rules. In a nutshell, following regulations and preventing leakages leads to security compliance.

When employees comply with information security requirements, the whole organization complies, and security is therefore heightened. There is a strong relationship between the theory of flow, IT security regulatory compliance, and gamification, because organizations need to strengthen their IT infrastructure by implementing IT security compliance (Pattabiraman, Srinivasan, Swaminathan, & Gupta, 2018).

Information security is a top priority for any company or organization. To increase the security of information, the training of employees is important. If employees are trained regularly and through the best possible formats, their awareness will be heightened. Increased awareness of information security threats means that employees will not be caught flat-footed in case of an attack. The increased use of gamification increases employees' willingness to learn about information security. The increase in awareness means that they will be much more willing to be involved in securing the organization's information. The use of gamification strengthens the relationship between information security compliance and the security of information.

Gamification has a strong impact on IT security training. Gamification is the practice of using several types of gaming activities, in return for rewards, acknowledgments, and recognition, to increase the involvement and interest of participants. It contributes greatly to increasing the engagement level and the importance of employees in the training sessions offered on IT security. Advances in information technology have contributed greatly to the growth of several types of cybercrime and terrorism, which has also increased the significance of the IT security training sessions offered to employees to improve their existing knowledge and experience.

Research Question and Hypothesis

Research Question: The Impact of Gamification in Security Training for User Security Compliance is moderated by the flow enabled by the game-based training.


Hypothesis

H1: Game-based training leads to a higher level of user security compliance.

H2: A high state of flow in game-based security training will lead to higher user security compliance.

H3: A low state of flow in game-based security training will lead to lower user security compliance.


Conclusion


References

Adams, M., & Makramalla, M. (2015). Cybersecurity skills training: An attacker-centric gamified approach. Technology Innovation Management Review, 5(1), 1-21.

Alomari, I., Al-Samarraie, H., & Yousef, R. (2019). The role of gamification techniques in promoting student learning: A review and synthesis. Journal of Information Technology Education: Research, 395-417.

Alotaibi, F., Furnell, S., Stengel, I., & Papadaki, M. (2016). A Review of Using Gaming Technology for Cyber-Security Awareness. International Journal for Information Security Research, 660-666.

Armstrong, M. B., & Landers, R. N. (2017). An evaluation of gamified training: Using narrative to improve reactions and learning. Simulation & Gaming, 513-538.

Ataya, G. (2010). PCI DSS audit and compliance. Information security technical report, 138-144.

AlKalbani, A., Deng, H., & Kam, B. (2015, July). Organisational Security Culture and Information Security Compliance for E-Government Development: The Moderating Effect of Social Pressure. In PACIS (p. 65).

Al-Kalbani, A. (2017). A Compliance Based Framework for Information Security in E-Government in Oman. https://pdfs.semanticscholar.org/85ae/23222e1a34c2a4e4408a00f047b160ca1c6f.pdf

AlKalbani, A., Deng, H., Kam, B., & Zhang, X. (2017). Information Security compliance in organizations: an institutional perspective. Data and Information Management, 1(2), 104-114.

Appari, A., Johnson, M. E., & Anthony, D. L. (2009). HIPAA Compliance: An Institutional Theory Perspective, Proceedings of the American Conference on Information Systems, 252.

Battaglino, J. (2019, 4 14). 7 Hidden Benefits of IT Security Compliance for Your Business. Retrieved from https://www.cherwell.com/library/blog/it-security-compliance/

Baxter, R. J., Kip, H. J., & Wood, D. A. (2016). Applying Basic Gamification Techniques to IT Compliance Training: Evidence from the Lab and Field. Journal of Information Systems, 119-133.

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.

Chen, E. T. (2015). Gamification as a resourceful tool to improve work performance. In Gamification in education and business, 473-488.

Cavusoglu, H., Cavusoglu, H., Son, J.-Y., & Benbasat, I. (2015). Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources. Information & Management, 52(4), 385-400.

Csikszentmihalyi, M. (1990). Flow: The psychology of optimal experience. New York, NY: Harper and Row.

Desai, M. (2016). An integrated approach for information security compliance in a financial services organization. http://etd.cput.ac.za/bitstream/handle/20.500.11838/2396/205219500-Desai-MR-Mtech-IT-FID-2016.pdf?sequence=1&isAllowed=y

DiMaggio, P., & Powell, W. W. (1983). The Iron Cage Revisited: Collective Rationality and Institutional Isomorphism in Organizational Fields. American Sociological Review, 48(2), 147-160.

Dimitriadis, C. (2011). Information Security from a Business Perspective. ISACA Journal, 1(1), 43-48.

Edwards, J. R., Mason, D. S., & Washington, M. (2009). Institutional pressures, government funding and provincial sport organizations. International Journal of Sport Management and Marketing, 6(2), 128-149.

Edemekong, P. F., & Haydel, M. J. (2019). Health Insurance Portability and Accountability Act (HIPAA).

Erenli. (2013). The impact of gamification-recommending education scenario. International Journal of Emerging Technologies in Learning.

Gikas, C. (2010). A general comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS standards. Information Security Journal: A Global Perspective, 132-141.

Gonzalez, H., Llamas, R., & Ordaz, F. (2017). Cybersecurity Teaching through Gamification: Aligning Training Resources to our Syllabus. Research in Computing Science, 35-43.

Hart, S., Margheri, A., Paci, F., & Sassone, V. (2020). Riskio: A Serious Game for Cyber Security Awareness and Education. Computers & Security.

Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: Role of penalties, pressures, and perceived effectiveness. Decision Support Systems, 47(2), 154–165.

Kanat, I. E., Siloju, S., Raghu, T. S., & Vinze, A. S. (2013). Gamification of emergency response training: A public health example. IEEE, (pp. 134-136).

Ke, W., & Wei, K. K. (2008). Organizational culture and leadership in ERP implementation. Decision Support Systems, 45(2), 208-218.

Kirsch, L. J., & Boss, S. R. (2007). The Last Line of Defense: Motivating Employees to Follow Corporate Security Guidelines. International Conference on Information Systems, ICIS 2007, 103.

Kolkowska, E., & Dhillon, G. (2012). Organizational power and information security rule compliance. Computers & Security, 33, 3-11.

Luh, R., Temper, M., Tjoa, S., Schrittwieser, S., & Janicke, H. (2020). PenQuest: a gamified attacker/defender meta-model for cybersecurity assessment and education. Journal of Computer Virology and Hacking Techniques, 19-61.

Mathoosoothenen, V. N., Sundaram, J. S., Palanichamy, R. A., & Brohi, S. N. (2017). An Integrated Real-Time Simulated Ethical Hacking Toolkit with Interactive Gamification Capabilities and Cyber Security Educational Platform. In Proceedings of the 2017 International Conference on Computer Science, (pp. 199-202).

Pattabiraman, A., Srinivasan, S., Swaminathan, K., & Gupta, M. (2018). Fortifying corporate human wall: A Literature review of security awareness and training. In Information Technology Risk Management and Compliance in Modern Organizations, 142-175.

Redhead, A., & Saunders, J. (2019). Gamification and Simulation. In Serious Games for Enhancing Law Enforcement Agencies, 83-98.

Ruiz-Alba, L. J., Soares, A., Rodríguez-Molina, M. A., & Banoun, A. (2019). Gamification and entrepreneurial intentions. Journal of Small Business and Enterprise Development.

Seaborn, K., & Fels, D. I. (2015). Gamification in theory and action. International Journal for Information Security Research.

Seaborn, K., & Fels, D. I. (2015). Gamification in theory and action: A survey. International Journal of Human-Computer Studies, 14-31.

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information Security Policy Compliance Model in Organizations. Computers & Security, 56, 70-82.

Swinhoe, D. (2020, 4 17). The 15 biggest data breaches of the 21st century. Retrieved from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

Thornton, D., & Francia, G. (2014). Gamification of information systems and security training: Issues and case studies. Information Security Education Journal, 15-24.

Wolfenden, B. (2019). Gamification as a winning cybersecurity strategy. Computer Fraud & Security, 9-12.