{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T22:41:57Z","timestamp":1775601717620,"version":"3.50.1"},"reference-count":61,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2024,10,3]],"date-time":"2024-10-03T00:00:00Z","timestamp":1727913600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Knowing about a danger is not enough to avoid it. Our daily lives offer countless examples of occasions in which we act imprudently for various reasons, even though we know we are taking risks. Nevertheless, circumstances in which we lack the necessary knowledge can lead us to run into unpleasant or harmful situations without being aware of it. In cybersecurity, knowledge of the dangers (as well as the mechanics of a possible attack) makes a huge difference. This is why specific training is provided in organizations, along with awareness campaigns. However, security training is often generic, boring, and a mere fulfillment of obligations rather than a tool for behavioral change. Today, we can deliver content through various devices and platforms that people access for both work and leisure, so that learning can happen incidentally and with almost no effort. Distributing knowledge in small, dedicated units creates the conditions for lasting, effective learning and is more effective than teaching through traditional courses (whether delivered in-person or online). In this article, we present an ongoing project on cybersecurity informal learning, including the design of a small video game. The intervention is aimed at helping young adults (18\u201325 years) to understand the mechanics of cookies and their role in the dynamics of cyberattacks. Consistent with the idea that a comprehensive course may be unsuitable for delivering cybersecurity training, the game covers and deliberately limits itself to that topic only. We also provide detailed considerations related to the evaluation of its effectiveness, although this is outside the scope of the present paper.<\/jats:p>","DOI":"10.3390\/info15100607","type":"journal-article","created":{"date-parts":[[2024,10,3]],"date-time":"2024-10-03T10:31:13Z","timestamp":1727951473000},"page":"607","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Improving the Cybersecurity Awareness of Young Adults through a Game-Based Informal Learning Strategy"],"prefix":"10.3390","volume":"15","author":[{"given":"Giorgia","family":"Tempestini","sequence":"first","affiliation":[{"name":"Department of Planning, Design and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy"}]},{"given":"Sara","family":"Mer\u00e0","sequence":"additional","affiliation":[{"name":"Department of Planning, Design and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy"}]},{"given":"Marco Pietro","family":"Palange","sequence":"additional","affiliation":[{"name":"Department of Planning, Design and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy"}]},{"given":"Alexandra","family":"Bucciarelli","sequence":"additional","affiliation":[{"name":"Department of Planning, Design and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3000-2616","authenticated-orcid":false,"given":"Francesco","family":"Di Nocera","sequence":"additional","affiliation":[{"name":"Department of Planning, Design and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy"}]}],"member":"1968","published-online":{"date-parts":[[2024,10,3]]},"reference":[{"key":"ref_1","unstructured":"Rahman, T., Rohan, R., Pal, D., and Kanthamanon, P. (July, January 29). Human factors in cybersecurity: A scoping review. Proceedings of the 12th International Conference on Advances in Information Technology, Bangkok, Thailand."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Alsharif, M., Mishra, S., and AlShehri, M. (2022). Impact of Human Vulnerabilities on Cybersecurity. Comput. Syst. Sci. Eng., 40.","DOI":"10.32604\/csse.2022.019938"},{"key":"ref_3","first-page":"82","article-title":"Cyber security awareness, knowledge and behavior: A comparative study","volume":"62","author":"Zwilling","year":"2022","journal-title":"J. Comput. Inf. Syst."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Lorenz, B., Kikkas, K., and Klooster, A. (2013, January 21\u201326). The four most-used passwords are love, sex, secret, and god: Password security and training in different user groups. Proceedings of the International Conference on Human Aspects of Information Security, Privacy, and Trust, Las Vegas, NV, USA.","DOI":"10.1007\/978-3-642-39345-7_29"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"61","DOI":"10.3390\/jcp3010005","article-title":"The Cybersecurity Awareness INventory (CAIN): Early Phases of Development of a Tool for Assessing Cybersecurity Knowledge Based on the ISO\/IEC 27032","volume":"3","author":"Tempestini","year":"2023","journal-title":"J. Cybersecur. Priv."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Di Nocera, F., Tempestini, G., and Presaghi, F. (2024). Reliability and validity of the Cybersecurity Awareness INventory (CAIN). Behav. Inf. Technol., 1\u201312.","DOI":"10.1080\/0144929X.2024.2355362"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1016\/j.cose.2018.09.009","article-title":"Design recommendations for online cybersecurity courses","volume":"80","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_8","first-page":"1334","article-title":"Cybersecurity, technology, and society: Developing an interdisciplinary, open, general education cybersecurity course","volume":"32","author":"Payne","year":"2021","journal-title":"J. Inf. Syst. Educ."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1080\/10919392.2019.1611528","article-title":"Enterprise cybersecurity training and awareness programs: Recommendations for success","volume":"29","author":"He","year":"2019","journal-title":"J. Organ. Comput. Electron. Commer."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1108\/JIC-05-2019-0112","article-title":"Improving employees\u2019 intellectual capacity for cybersecurity through evidence-based malware training","volume":"21","author":"He","year":"2020","journal-title":"J. Intellect. Cap."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"103585","DOI":"10.1016\/j.cose.2023.103585","article-title":"A systematic review of current cybersecurity training methods","volume":"136","author":"Pruemmer","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1080\/0144929X.2012.708787","article-title":"User preference of cyber security awareness delivery methods","volume":"33","author":"Abawajy","year":"2014","journal-title":"Behav. Inf. Technol."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/s10869-017-9492-y","article-title":"Antecedents and outcomes of informal learning behaviors: A meta-analysis","volume":"33","author":"Cerasoli","year":"2018","journal-title":"J. Bus. Psychol."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Marsick, V.J., and Watkins, K. (2015). Informal and Incidental Learning in the Workplace, Routledge.","DOI":"10.4324\/9781315715926"},{"key":"ref_15","first-page":"1065","article-title":"Transfer of training: A meta-analytic review","volume":"36","author":"Blume","year":"2010","journal-title":"J. Manag."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1016\/j.ijer.2019.06.003","article-title":"The what and why of primary and secondary school teachers\u2019 informal learning activities","volume":"96","author":"Lecat","year":"2019","journal-title":"Int. J. Educ. Res."},{"key":"ref_17","unstructured":"Mahoney, J.L., Larson, R.W., and Eccles, J.S. (2005). Organ. Act. as Context. Dev. Extracurricular Act. after-School Community Programs, Lawrence Erlbaum Associates Publishers."},{"key":"ref_18","first-page":"121","article-title":"Identifying patterns in informal sources of security information","volume":"1","author":"Rader","year":"2015","journal-title":"J. Cybersecur."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Rader, E., Wash, R., and Brooks, B. (2012, January 11\u201313). Stories as informal lessons about security. Proceedings of the Eighth Symposium on Usable Privacy and Security, Washington, DC, USA.","DOI":"10.1145\/2335356.2335364"},{"key":"ref_20","unstructured":"Pfeffer, K., Mai, A., Weippl, E., Rader, E., and Krombholz, K. (2022, January 7\u20139). Replication: Stories as informal lessons about security. Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), Boston, MA, USA."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"102154","DOI":"10.1016\/j.cose.2020.102154","article-title":"Cybersecurity knowledge and skills taught in capture the flag challenges","volume":"102","author":"Vykopal","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"11759","DOI":"10.1007\/s10639-022-11451-4","article-title":"Cyber Competitions: A survey of competitions, tools, and systems to support cybersecurity education","volume":"28","author":"Balon","year":"2023","journal-title":"Educ. Inf. Technol."},{"key":"ref_23","first-page":"7","article-title":"Why so serious? On the relation of serious games and learning","volume":"4","author":"Breuer","year":"2010","journal-title":"J. Comput. Game Cult."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"53","DOI":"10.17083\/ijsg.v3i1.107","article-title":"Game based cyber security training: Are serious games suitable for cyber security training?","volume":"3","author":"Hendrix","year":"2016","journal-title":"Int. J. Serious Games"},{"key":"ref_25","first-page":"660","article-title":"A review of using gaming technology for cyber-security awareness","volume":"6","author":"Alotaibi","year":"2016","journal-title":"Int. J. Inf. Secur. Res. (IJISR)"},{"key":"ref_26","first-page":"1","article-title":"A survey of serious games for cybersecurity education and training","volume":"7","author":"Hill","year":"2020","journal-title":"KSU Proc. Cybersecur. Educ. Res. Pract."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kulshrestha, S., Agrawal, S., Gaurav, D., Chaturvedi, M., Sharma, S., and Bose, R. (2022, January 12\u201313). Development and validation of serious games for teaching cybersecurity. Proceedings of the Serious Games: Joint International Conference, JCSG 2021, Virtual Event. Proceedings 7.","DOI":"10.1007\/978-3-030-88272-3_18"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"586","DOI":"10.1177\/1046878120933312","article-title":"Experiencing cybersecurity one game at a time: A systematic review of cybersecurity digital games","volume":"51","author":"Coenraad","year":"2020","journal-title":"Simul. Gaming"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"101827","DOI":"10.1016\/j.cose.2020.101827","article-title":"Riskio: A serious game for cyber security awareness and education","volume":"95","author":"Hart","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_30","unstructured":"Jaffray, A., Finn, C., and Nurse, J.R. (2021, January 7\u20139). Sherlocked: A detective-themed serious game for cyber security education. Proceedings of the Human Aspects of Information Security and Assurance: 15th IFIP WG 11.12 International Symposium, HAISA 2021, Virtual Event. Proceedings 15."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"27","DOI":"10.17083\/ijsg.v9i2.486","article-title":"Empirical study of adaptive serious games in enhancing learning outcome","volume":"9","author":"Gaurav","year":"2022","journal-title":"Int. J. Serious Games"},{"key":"ref_32","unstructured":"Kleinmuntz, B. (1966). An operant analysis of problem solving. Problem Solving: Research, Method, and Theory, Wiley."},{"key":"ref_33","unstructured":"Skinner, B.F. (1969). An operant analysis of problem solving, Note 6.1\u20136.4. Contingencies of Reinforcement: A Theoretical Analysis, Appleton-Century-Crofts."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Pierce, W.D., and Cheney, C.D. (2017). Behavior Analysis and Learning: A Biobehavioral Approach, Routledge.","DOI":"10.4324\/9781315200682"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Deterding, S., Sicart, M., Nacke, L., O\u2018Hara, K., and Dixon, D. (2011, January 7\u201312). Gamification. Using game-design elements in non-gaming contexts. Proceedings of the CHI\u201911 Extended Abstracts on Human Factors in Computing Systems, Vancouver, BC, Canada.","DOI":"10.1145\/1979742.1979575"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"947","DOI":"10.1037\/0003-066X.39.9.947","article-title":"The shame of American education","volume":"39","author":"Skinner","year":"1984","journal-title":"Am. Psychol."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"245","DOI":"10.3390\/jcp2020013","article-title":"Getting rid of the usability\/security trade-off: A behavioral approach","volume":"2","author":"Tempestini","year":"2022","journal-title":"J. Cybersecur. Priv."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Utz, C., Degeling, M., Fahl, S., Schaub, F., and Holz, T. (2019, January 11\u201315). (Un) informed consent: Studying GDPR consent notices in the field. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354212"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Fui-Hoon Nah, F., and Siau, K. (2022). Factors that Influence Cookie Acceptance. HCI in Business, Springer. Government and Organizations; HCII 2022; Lecture Notes in Computer Science.","DOI":"10.1007\/978-3-031-05544-7"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Kulyk, O., Hilt, A., Gerber, N., and Volkamer, M. (2018, January 23). \u201cThis Website Uses Cookies\u201d: Users\u2019 Perceptions and Reactions to the Cookie Disclaimer. Proceedings of the European Workshop on Usable Security (EuroUSEC), London, UK.","DOI":"10.14722\/eurousec.2018.23012"},{"key":"ref_41","unstructured":"Bravo-Lillo, C., Cranor, L., Komanduri, S., Schechter, S., and Sleeper, M. (2014, January 9\u201311). Harder to ignore? Revisiting {Pop-Up} fatigue and approaches to prevent it. Proceedings of the 10th Symposium on Usable Privacy and Security (SOUPS 2014), Menlo Park, CA, USA."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Bravo-Lillo, C., Komanduri, S., Cranor, L.F., Reeder, R.W., Sleeper, M., Downs, J., and Schechter, S. (2013, January 24\u201326). Your attention please: Designing security-decision UIs to make genuine risks harder to ignore. Proceedings of the Ninth Symposium on Usable Privacy and Security, Newcastle, UK.","DOI":"10.1145\/2501604.2501610"},{"key":"ref_43","unstructured":"(2024, July 01). NordVPN Misfortune Cookie? Billions of Stolen Cookies Expose Your Data. Available online: https:\/\/nordvpn.com\/research-lab\/stolen-cookies-study\/."},{"key":"ref_44","first-page":"1","article-title":"Defining Young Adulthood","volume":"17","author":"Higley","year":"2019","journal-title":"DNP Qualif. Manuscr."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Zhao, J., Wang, G., Dally, C., Slovak, P., Edbrooke-Childs, J., Van Kleek, M., and Shadbolt, N. (2019, January 4\u20139). I make up a silly name\u2019 Understanding Children\u2019s Perception of Privacy Risks Online. Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, Glasgow, Scotland, UK.","DOI":"10.1145\/3290605.3300336"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"107376","DOI":"10.1016\/j.chb.2022.107376","article-title":"Exploring the factors that influence the cybersecurity behaviors of young adults","volume":"136","author":"Alanazi","year":"2022","journal-title":"Comput. Hum. Behav."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"e08773","DOI":"10.1016\/j.heliyon.2022.e08773","article-title":"Identifying and validating game design elements in serious game guidelines for climate change","volume":"8","author":"Razali","year":"2022","journal-title":"Heliyon"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Starks, K. (2014). Cognitive behavioral game design: A unified model for designing serious games. Front. Psychol., 5.","DOI":"10.3389\/fpsyg.2014.00028"},{"key":"ref_49","unstructured":"Antin, J., and Churchill, E.F. (2011, January 7\u201312). Badges in Social Media: A Social Psychological Perspective. Proceedings of the CHI 2011 Gamification Workshop Proceedings, Vancouver, BC, Canada."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Isbister, K., and Schaffer, N. (2008). Game Usability: Advancing the Player Experience, CRC Press. [1st ed.].","DOI":"10.1201\/b14580"},{"key":"ref_51","unstructured":"Lankoski, P., and Bj\u00f6rk, S. (2007, January 24\u201328). Gameplay design patterns for believable non-player characters. Proceedings of the DiGRA 2007 Conference: Situated Play, Tokyo, Japan."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"514","DOI":"10.1080\/09541440701326097","article-title":"Testing improves long-term retention in a simulated classroom setting","volume":"19","author":"Butler","year":"2007","journal-title":"Eur. J. Cogn. Psychol."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1661377.1661378","article-title":"Do serious games work? Results from three studies","volume":"2009","author":"Blunt","year":"2009","journal-title":"ELearn"},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"1041","DOI":"10.1007\/s10964-013-9913-9","article-title":"More than just fun and games: The longitudinal relationships between strategic video games, self-reported problem solving skills, and academic grades","volume":"42","author":"Adachi","year":"2013","journal-title":"J. Youth Adolesc."},{"key":"ref_55","unstructured":"Rogers, S. (2014). Level Up! The Guide to Great Video Game Design, John Wiley & Sons."},{"key":"ref_56","first-page":"42","article-title":"Character design in games analysis of character design theory","volume":"2","author":"Kuntjara","year":"2017","journal-title":"J. Games Game Art Gamification"},{"key":"ref_57","unstructured":"Burgerman, J. (2024, August 07). 20 Top Character Design Tips. Available online: http:\/\/www.creativebloq.com\/character-design\/tips-51326432015."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"708","DOI":"10.1177\/0145445517699559","article-title":"Token economy: A systematic review of procedural descriptions","volume":"41","author":"Ivy","year":"2017","journal-title":"Behav. Modif."},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"388","DOI":"10.1111\/j.1468-2885.2004.tb00321.x","article-title":"Enjoyment: At the heart of media entertainment","volume":"14","author":"Vorderer","year":"2004","journal-title":"Commun. Theory"},{"key":"ref_60","unstructured":"Busse, J., Lange, A., Hobert, S., and Schumann, M. (2020, January 12\u201316). How to Design Learning Applications That Support Learners in Their Moment of Need\u2013Didactic Requirements of Micro Learning. Proceedings of the Americas Conference on Information Systems (AMCIS 2020), Salt Lake City, UT, USA."},{"key":"ref_61","first-page":"11","article-title":"A study of preferred learning time of online learners in multimedia microlearning in higher education contexts","volume":"7","author":"Leong","year":"2022","journal-title":"Online J. TVET Pract."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/10\/607\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:10:07Z","timestamp":1760112607000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/10\/607"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,3]]},"references-count":61,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2024,10]]}},"alternative-id":["info15100607"],"URL":"https:\/\/doi.org\/10.3390\/info15100607","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,3]]}}}