Business & Information Systems Engineering ( IF 7.9 ) Pub Date : 2024-02-12 , DOI: 10.1007/s12599-024-00852-z Dixon Prem Daniel Rajendran , Rangaraja P. Sundarraj
Cybersecurity threats faced by organizations are growing in volume and sophistication, with human issues being a significant reason underlying these threats. Organizations report the need for skills development to face these challenges. This need is addressed in this study by developing game-based learning (GBL) artefacts for process-related cybersecurity issues. The artefacts are developed using ADR (Action Design Research). These artefacts employ procedures prescribed by NIST (National Institute of Standards and Technology) and CCMP (Cyber Crisis Management Plan) to teach users cybersecurity concepts such as cyber crisis management, malware incident forensics, incident handling and password management. The paper details the artefacts and design process, highlights the implications for practitioners and academicians in GBL, and also describes a nascent theory for Design Science Research (DSR).