In this chapter, the authors outline their process for introducing serious games as a course in an Information Security Master Course Program at the Norwegian University of Science and Technology. The process is built on the author's experiences from both participating, coaching, judging, and even arranging serious games and cyber security challenges. With the lack of cultural recipes (or shared experiences) in information and cyber security from previous generations, these recipes must be learned in other environments. Given the efficiency of using exercises for incident response training, the authors suggest that information and cyber security incident response can be learned efficiently through serious games as one type of exercise. The authors suggest that serious games give relevant learning experiences from both developing them and participating in them, and they suggest these learning experiences as part of the course, in addition to necessary instructions.
Proposal and Evaluation of a Security Incident Response Training Method using Programming
