Systemization of Knowledge (SoK): Goals, coverage, and evaluation in cybersecurity and privacy games
Author Identifier
Georgia Psaroulis: https://orcid.org/0000-0002-5802-8642
Helge Janicke: https://orcid.org/0000-0002-1345-2829
Document Type
Conference Proceeding
Publication Title
Conference on Human Factors in Computing Systems - Proceedings
Publisher
Association for Computing Machinery
School
Centre for Securing Digital Futures / School of Science
Abstract
This paper systematized existing knowledge on cybersecurity and privacy game-based approaches, exploring their goals, scope, and evaluation methods. Our review of 93 academic papers revealed that these approaches serve multiple purposes and target diverse player types. We identified 11 key aspects of cybersecurity and privacy that these approaches addressed, such as threats, defensive strategies, and data privacy. Additionally, we analyzed the effectiveness evaluation methods of these approaches, emphasizing the connections between evaluation techniques, types of data used, and their alignment with the approaches' goals. We also summarized the aspects of user experience evaluated in the literature and the types of questions used to capture these experiences. Reflecting on these methods, we provide guidance for future research and practice in designing and evaluating game-based approaches. Finally, we identify key gaps and propose opportunities to enhance user understanding, foster adaptability, and address emerging cybersecurity and privacy challenges.
DOI
10.1145/3706598.3713798
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Comments
Huang, Y., Grobler, M., Ferro, L. S., Psaroulis, G., Das, S., Wei, J., & Janicke, H. (2025). Systemization of Knowledge (SoK): Goals, coverage, and evaluation in cybersecurity and privacy games. Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems, 1-27. https://doi.org/10.1145/3706598.3713798