Play It Safe: An Educational Cyber Safety Game for
Children in Elementary School
Bushra Tasnim Zahed
Computer Science
University of Texas at San Antonio University of Texas at San Antonio
San Antonio, USA
BushraTasnim.Zahed@utsa.edu
Abstract—The objective of this research is to measure the
effectiveness of a game-based learning approach for cyber safety
education for children in elementary school. To date, few cyber
safety games have been developed and evaluated for elementary
school children. To address this gap in knowledge, we developed a
novel cyber safety computer game and conducted a study with
elementary school children ranging from age 7 to 10 (n=49).
Children were taught concepts of cyber safety through either our
plain TEXT, our interactive E-LEARNING website, or our
GAME. Knowledge increased significantly more in the group that
played the game, indicating that elementary school children can
learn about the concepts of cyber safety more effectively through
a game-based learning approach compared to traditional text
and/or e-Learning based approaches.
Keywords—cyber safety education, game-based learning,
elementary school, computer game, computer human interaction
I. INTRODUCTION
Educational games have made significant learning outcome
improvements in traditional Science, Technology, Engineering,
and Mathematics (STEM) fields in general, but there has been
relatively little research into game-based learning in the STEM
sub-field of cyber safety. Specifically, the effect of cyber safety
games on children in elementary school has been minimally
investigated. For example, some existing cyber safety games
encourage the players to role-play as hackers in a simulated
network and compete to control the network [1]. These games
cover more complex and advanced topics of network offense
and defense but lack common social engineering aspects of
security and online safety issues that are relevant to elementary
school children, such as cyberbullying, building strong
passwords etc. Learning about the most common dangers online
and acting to protect ourselves is the first step in making the
Internet a safer place and promoting cyber safety education.
Towards this goal, we evaluate the effectiveness of a novel
educational cyber safety computer game for elementary school
children.
II. BACKGROUND
A. Games for Cyber Safety Education
Game-based learning (GBL) is an innovative teaching
approach that reinforces development and learning through
game-play [2]. The games include card, board and video games
etc. Many researchers now believe that GBL can better
influence present day entertainment-driven learners to more
This work was supported by a grant from the National Science Foundation
(DGE-1419367).
Authorized licensed use limited to: Universidad de Sonora. Downloaded on February 08,2024 at 21:51:55 UTC from IEEE Xplore. Restrictions apply.
978-1-7281-4540-2/19/$31.00 ©2019 IEEE
Gregory White John Quarles
Computer Science Computer Science
University of Texas at San Antonio
San Antonio, USA San Antonio, USA
Greg.White@utsa.edu John.Quarles@utsa.edu
thoroughly engage in learning by meaningful narratives and
game-play activities defined in the game context.
Based on the literature review of existing work, educational
games for teaching cyber safety are mostly focused on older
groups of children - teenagers. There have been many games
developed for cyber safety education, but few of these have
been formally evaluated for learning effectiveness and even
fewer are targeted towards elementary school children. For
example, many games for security education have focused on
educating high school students or adult security professionals.
One of the most well-known games to date for teaching security
concepts is CyberCIEGE [3]. This game is a resource-
management simulation game used as a training tool by
agencies of the US government, universities and community
colleges. Players purchase and configure computers and
network devices while protecting assets from a variety of
attacks. While this approach has been successful, the players
need to have a level of knowledge of the domain area for all the
simulation-style games. Attack and defense-based games for
teaching security concepts assume a level of understanding of
computers and security terminology that is beyond most
computer users. At the other end of the spectrum, several less
formal games use security vocabulary, without necessarily
addressing behavior at all. For example, targeted towards high
school students, Control-Alt-Hack [4] is a card game with a
security theme, but it does not directly provide hands on
security training. It is intended to be used to bootstrap a more
focused educational activity. A recent study was conducted to
teach cyber safety concepts to high school students with a
computer game called SecurityEmpire [5]. The game involves
building a green energy company while engaging in sound
information assurance practices and avoiding security missteps.
The network security board game [d0x3d!] aims to reach a
diverse audience (including high school students), but is limited
to four players per game, and places those players in
cooperative network hacking roles [1]. Players work together
as a skilled team of hackers, infiltrating a network, stealing
digital assets and escaping from the network before getting
caught by the network administrators. Even though the game is
fun, the strategic elements of the game do not directly
demonstrate security risks that can occur during web-based
activities nor do they demonstrate the need to perform safe
security practices. Another characteristic lacking in earlier
games is whether the students can play the game without
learning anything about the subject it was designed to teach.
Games such as Cyberbully Zombies and Tad’s Profile Panic
can be played without the student learning anything about
cyberbullying or security [6].
III. HYPOTHESES
Previous work has demonstrated the effectiveness of GBL
in general [7]. Thus, our expectation was that GBL would be
effective for teaching cyber safety to children ages 7-10. Based
on this motivation, we have developed the following Fig. 1. Cyber safety facts on a correct match
hypotheses.
In Fig. 1 we see cyber safety facts upon cards are correctly
H1: Participants’ cyber safety pre to post test scores will matched. The screenshots are taken from a quest in level 1 where
increase in TEXT, E-LEARNING, and GAME groups. players need to match blocks from memory to get clues that will
tell them what to do when password is hacked.
H2: Participants who are in the GAME condition will In level 2 (Fig. 2), the players need to find clues from hidden
improve their cyber safety test scores more than participants in objects in the room. After clicking the brown bag, players know
the TEXT and E-LEARNING conditions. what objects they need to look for.
IV. METHODS
A. Design
We have followed a quantitative quasi-experimental
research approach with a between subjects’ study design to
address the research question, can interactive game-based
learning be more effective than common approaches (e.g. text,
interactive e-Learning) for cyber safety education for ages 7 to
10 years old? We randomly assigned each participant to one of
three groups: TEXT, E-LEARNING or GAME. A pretest and
posttest was given to assess learning. In the following sections, Fig. 2. Hidden object game quest
we will provide the overview of the study conditions and how
we conducted the study to address this research question. In level 3, the players are asked to choose between the
options whether they should plug the pen-drive to pc/laptop to
B. Materials check for missing files or they should scan the pen-drive with
1) Game: The GAME condition was developed in the antivirus software before checking for files. Based on the
Unity3D game engine using the C# programming language. In choices they make; the players get in-game feedback and the
our study, it was played on a laptop with Microsoft Windows. score gets updated respectively as well. Level 3 continues with
The concepts and examples are covered by means of a digital interactive creation of strong passwords. Levels 4 and 5
story-telling technique to play out common social engineering progress the story and reinforce cyber safety concepts with
scenarios in a school-goer’s perspective. Specifically, the game additional hidden object gameplay and narratives.
revolves around two school-going sisters, solving different
security problems they encounter in their day to day lives. The 2) Text: The TEXT condition consisted of a handout about
conversations between the main characters allow players to cyber safety and was developed to be like what may be found
engage in the ongoing story and understand their current in a text book for this age group. The handout was written by
objectives in the game. the same elementary school teacher of cyber safety that
participated in the game design. It contained the same core
The player plays mini games to find clues to help the game cyber safety information as the GAME group but was presented
characters solve security problems. The clues in each quest are in text. The handout had 429 words total and was written
meant to deliver knowledge about cyber safety related concepts specifically for the 7-10 years age range. For an example of the
by means of game activities and feedback. The in-game text in the handout, here is the first paragraph:
feedback is provided before advancing to the next quest. As the “Have you ever wondered what exactly cyber safety is?
players advance in the game they earn or lose points from their Well it means the different types of technology, processes
score based on the correctness of choices they make in the game.
and practices designed to protect networks, computers,
The score system and in-game feedback for each quest are
programs and data from attack, damage or unauthorized
intended to keep the player engaged to continue playing.
access. Just like there are criminals who steal items or
money, there are criminals online trying to get access to
your information by cracking or trying to break into a

Authorized licensed use limited to: Universidad de Sonora. Downloaded on February 08,2024 at 21:51:55 UTC from IEEE Xplore. Restrictions apply.
 program or network. One way to avoid cybercriminals is
by creating a strong password.”
3) E-Learning: E-LEARNING covers the same topics of
TEXT and GAME conditions, but in an interactive, multimedia
manner using text and video content. It also contained the same
core cyber safety information as the GAME and TEXT groups
but was presented in a typical e-learning tutorial on a website,
where students need to log in and finish it topic by topic to
100% completion to obtain the cyber safety knowledge. Users
can follow up with their overall progress and get hints until they
get to the correct answers. The interactive lessons are evaluated
by fill in the blanks, text matching, true/ false (Fig. 3), multiple
choice, and short answer questions.
Fig. 3. The true/ false evaluation for E-Learning content
C. Population and Environment
We contacted local schools and recruited 49 elementary
school children age ranging from 7 to 10 years with similar
socio-economic background. Also, most of them were of
Hispanic ethnicity. Based on a recruitment survey, they all had
similar exposure to digital technology like computers, laptops,
mobile devices and internet access. The common activities they
engaged themselves with technology are playing games,
watching videos and studying. All participants had sufficient
reading levels to participate. The study took place in a quiet
class room setting. One participant was in the room at a time.
D. Procedure
Prior to the study, parents of participants signed and
informed consent form. As the first step of the study,
participants took a pretest to assess their baseline knowledge of
cyber safety. In the second step, each participant was randomly
assigned to either the group GAME, E-LEARNING, or TEXT.
In the third step, participants in the GAME group played our
computer game, participants in the E-LEARNING group
interacted with the e-learning site, and participants in the
control group read through a text-based cyber safety handout,
which covered the same topics as the GAME and E-
LEARNING conditions. All conditions took the same time for
the intervention - 15 minutes. In the fourth step, participants
took a posttest, identical to the pretest.
Authorized licensed use limited to: Universidad de Sonora. Downloaded on February 08,2024 at 21:51:55 UTC from IEEE Xplore. Restrictions apply.
E. Metrics
Cyber safety knowledge questionnaire: This was a test with
34 multiple choice questions to assess cyber safety knowledge
in all TEXT, GAME and E-LEARNING. The maximum score
possible was 34*5 = 170. Each question has five options in the
answer set to choose from. Some questions may have multiple
correct answers. As a result, we have considered 5 points for
each question to allow partial credit if necessary. This test was
created by the local elementary school teacher who participated
in the design process of the GAME.
V. RESULTS
A Shapiro-Wilk test determined the distributions of data
were normal. Thus, we ran one-way ANOVA followed by post
hoc t-tests with Bonferroni correction for three comparisons.
Alpha = .05 because we are reporting the corrected p values.
A. Cyber Safety Knowledge Questionnaire
TABLE I. DESCRIPTIVE STATISTICS FOR THE CYBER SAFETY KNOWLEDGE
QUESTIONNAIRE
Descriptive Statistics
Group
Pretest Std err Posttest Std err
TEXT 125.17 5.58 130.82 5.51
GAME 127.15 4.45 148.73 6.91
E-LEARNING 110.56 4.57 120 5.14
Descriptive statistics are shown in Fig. 4 and Table 1.
1) Group Comparisons
Fig. 4. Means of pretest and posttest of the TEXT, GAME and E-LEARNING
conditons. Standard error whiskers are shown.
The pretest means of TEXT, GAME, and E-LEARNING were
not significantly different per a one-way ANOVA. Thus, we
assume they had a similar baseline (Table 1). With one-way
ANOVA, we found a significant effect of Group on knowledge
change (posttest score – pretest score) (F (2,46) =5.24, p=.0089,
2=0.19) as shown in (Fig. 4). For post hoc comparisons, we
used independent samples t-tests with Bonferroni correction.
TEXT vs GAME: With an independent samples t test, we found
a significant effect for group (t (26) = 3.07, p = 0.01, r = .52)
with GAME outperforming TEXT. TEXT vs E-LEARNING:
With an independent samples t test, we found no significant
effect for group (t (36) = .82, p > .05, r = .13). E-LEARNING
vs GAME: With an independent samples t test, we found a
significant effect for group (t (35) = 2.58, p = 0.04, r = .4) with
GAME outperforming E-LEARNING.
2) Pretest vs Posttest within each group
TEXT: With a paired samples t test, we found a significant
effect for test (t (13) = 2.64, p = 0.01, Pearson’s r = .58) with
the average post-test score being higher than the pre-test. E-
LEARNING: With a paired samples t test, we found a
significant effect for test (t (21) = 3.1, p = .003, Pearson’s r =
.56) with the average post-test score being higher than the pre-
test. GAME: With a paired samples t test, we found a
significant effect for test (t (12) = 4.74, p < 0.001, Pearson’s r
= .81) with the average post-test score > the pre-test.
VI. DISCUSSION
Some of the cyber safety learning objectives may seem
somewhat trivial, but this is not trivial for children. For
example, one of our intentions is to teach the children different
terminologies for the same device so that they are aware of the
safety features and treat them with the same security measures.
When a child does not know that ‘USB drive’ and ‘pen drive’
words mean the same thing, the child may assume that a USB
drive needs to be password protected and a pen-drive does not.
We have presented such cyber safety knowledge by means of a
story and quests in the game.
The results of the study suggest that children who played
the GAME learned more about cyber safety than children who
read TEXT about cyber safety or experienced an E-
LEARNING module. The children in the study started with a
similar level of baseline knowledge of cyber safety. On
average, the children learned new information about cyber
safety in all conditions (We can accept H1). However, children
who played the GAME learned significantly more cyber safety
knowledge than children who read the TEXT or used the E-
LEARNING website (We can accept H2).
Research has shown that entertainment games are able to
promote meaningful learning through providing players with
adaptive challenges, curiosity, self-expression, discovery,
immediate feedback, clear goals, player control, immersion,
collaboration, competition, variable rewards, and low-stakes
failure [8]. An effective educational game can use all these
design elements to engage students and provide opportunities
to maintain motivation and keep them actively involved
throughout the game. Thus, the result of our study is consistent
with other studies that show a GBL approach can be more
effective than a traditional TEXT approach and an interactive
quiz format E-LEARNING approach [9]. Our results suggest
that a GBL approach is suitable for cyber safety education
among elementary school children.
Although it is unclear precisely how each GAME element
influenced the results, we propose some hypotheses based on
GBL literature [10] and our observations. We observed a
Authorized licensed use limited to: Universidad de Sonora. Downloaded on February 08,2024 at 21:51:55 UTC from IEEE Xplore. Restrictions apply.
difference in the engagement of the research participants
towards the cyber safety content. The GAME group appeared
more interested and paid more attention to the content as they
were interacting with GAME components than TEXT or E-
LEARNING. Based on the evidence from previous work [11],
gameplay must be supported with appropriate feedback to
influence motivation and learning in GBL environments. We
expect that this is the primary reason for seeing the significant
increase in knowledge of GAME as compared to E-
LEARNING and TEXT.
VII. CONCLUSION
There has been minimal previous research into the
effectiveness of cyber safety computer games for children
below the age of high school. To address this gap in knowledge,
we present the design and evaluation of a novel computer game
for cyber safety education. Results suggest that GBL is more
effective than both a traditional text-based approach and an
interactive e-Learning approach for delivering knowledge
about concepts of cyber safety to children ages 7-10. We hope
that this work motivates researchers, developers, and teachers
to create more cyber safety educational games for this age
group.
ACKNOWLEDGMENTS
The authors would like to thank the participants, their
parents, and their teacher.
REFERENCES
[1] M. Gondree and Z.N.J Peterson, "Valuing Security by Getting [d0x3d!]
Experiences with a network security board game," 2013.
[2] S. Tang, M. Hanneghan, and A. E. Rhalibi, "Introduction to games-based
learning," in game-based learning advancements for multi-sensory human
computer interfaces: Techniques and effective practices, pp. 1-17. IGI
Global, 2009.
[3] C. E. Irvine, M. F. Thompson, and K.Allen. "CyberCIEGE: gaming for
information assurance," IEEE Security & Privacy 3, no. 3, 2005, pp. 61-
64.
[4] T. Denning, A. Lerner, A. Shostack, and T. Kohno, "Control-Alt-Hack:
the design and evaluation of a card game for computer security awareness
and education," in Proceedings of the 2013 ACM SIGSAC conference on
Computer & communications security, pp. 915-928. ACM, 2013.
[5] M. Olano, A. T. Sherman, L. Oliva, R. Cox, D. Firestone, O. Kubik, M.
Patil, J. Seymour, I. S. Kohane, and D. Thomas, "SecurityEmpire:
Development and Evaluation of a Digital Game to Promote Cybersecurity
Education," in 3GSE. 2014.
[6] J. C. Lester, H. A. Spires, J. L. Nietfeld, J. Minogue, B. W. Mott, and E.
V. Lobene, "Designing game-based learning environments for elementary
science education: A narrative-centered learning
perspective," Information Sciences 264, 2014, pp. 4-18.
[7] A. Mitchell, and C. Savill-Smith, "The use of computer and video games
for learning: A review of the literature," 2004.
[8] A. Jabbar, A. Iliya, and P. Felicia. Gameplay engagement and learning in
game-based learning: A systematic review. Review of Educational
Research, 85(4), 2015, pp.740-779.
[9] J. M. Keller, Motivational design for learning and performance: The
ARCS model approach. Springer Science & Business Media, 2009.
[10] M. Qian and K. R. Clark, Game-based Learning and 21st century skills:
A review of recent research. Computers in Human Behavior, 63, 2016,
pp. 50-58.
[11] E. Klopfer, S. Osterweil and K. Salen, 2009. Moving learning games
forward. Cambridge, MA: The Education Arcade.