Group Leader: Fredmark Ivan Dizon

Group Members: Amiel Abello Gatchalian, Aaron Kim Agustin, Mikhail Asaldo, Jan Santos Marquez,
Kenneth Rivera Enriquez, Gabriel Santiago

Chapter 1
The Problem and Its Background

1.1 Introduction
Cybersecurity is an increasingly important aspect of our daily lives. As our reliance on technology
grows, so too does the need to ensure that our online activities are secure and protected.
Unfortunately, despite the growing importance of cybersecurity, many individuals lack the necessary
knowledge and skills to protect themselves against cyber threats. This is particularly true for ICT
(Information and Communication Technology) students, who are likely to be future cybersecurity
professionals. Therefore, it is imperative to enhance their cybersecurity resilience through effective
education and training programs.

The level of cybersecurity resilience among the ICT students (Schneider, 2012). Cybersecurity
resilience can be defined as the ability of individuals or organizations to prevent, detect, respond to,
and recover from cybersecurity incidents or attacks (Acar & Fahl, 2019).

The study aims to evaluate the effectiveness of the education program in enhancing the level of
cybersecurity knowledge among the ICT students. Therefore, the dependent variable in this study is
the level of cybersecurity resilience among the ICT students, which will be measured before and
after the students participate in the education program (Tang, et al., 2020). The pre-test and post-
test will be used to assess the changes in the students' level of cybersecurity resilience after
participating in the education program.

The measurement of the dependent variable will be conducted using a validated cybersecurity
resilience assessment tool, such as the Cybersecurity Capability Maturity Model (C2M2) or the
National Institute of Standards and Technology (NIST) Cybersecurity Framework (Peltier, 2016). The
tool will assess the students' abilities to prevent, detect, respond to, and recover from cybersecurity
incidents or attacks like malware, DDoS, and the most common attack, the social engineering attack
like phishing.

The interactive and gamified cybersecurity education program is designed to provide ICT students
with an engaging and entertaining way to learn about cybersecurity concepts and practices
(Schneider, 2012). The program may include interactive games, simulations, quizzes, and other
activities that aim to improve the students' knowledge and skills in preventing, detecting,
responding to, and recovering from cybersecurity incidents or attacks.

The program may also incorporate various instructional strategies and techniques, such as case
studies, role-playing, problem-based learning, and peer collaboration, to enhance the students'
learning experience (Peltier, 2016).
The effectiveness of the program in enhancing the level of cybersecurity resilience among the ICT
students will be evaluated by comparing the pre-test and post-test scores of the students. The pre-
test score will serve as the baseline level of the students' cybersecurity resilience before they
receive the education program, while the post-test score will measure the level of improvement
after they have completed the program.

In this study, the researchers are interested on improving the security knowledge of students in
technology Schneider, C. (2012). The education program is the intervention being tested, and the
level of cybersecurity awareness among the ICT students is the outcome being measured.

The education program is expected to provide the students with knowledge and skills in preventing,
detecting, responding to, and recovering from cybersecurity incidents or attacks Tang, Z., Chen, H.,
Liu, Y., Zhou, J., & Wang, F. (2020). By enhancing the level of cybersecurity knowledge among the
students, the education program can help them to be better prepared to protect themselves and
their organizations against cyber threats.

Therefore, there is a relationship between the education program and the level of cybersecurity
resilience among the students. The researchers are interested in examining this relationship to
determine whether the education program is effective in enhancing the students' level of
cybersecurity understanding.

1.2 Statement of the Problem

Cybersecurity threats are becoming increasingly prevalent, and it is essential for individuals and
organizations to have the knowledge and skills to prevent, detect, respond to, and recover from
cyber incidents or attacks. Information and Communication Technology (ICT) students are an
important group to target with cybersecurity education programs as they are likely to become
future IT professionals and may be responsible for managing and securing the information systems
of their organizations.

The problem addressed in this study is the need to enhance the level of cybersecurity awareness
among ICT students. To achieve this, the study examines the effectiveness of an interactive and
gamified cybersecurity education program for ICT students.

The study's goal is to answer the following questions stated below:

1. What is the current level of cybersecurity knowledge and skills among ICT students?

2. In what features of an effective interactive and gamified cybersecurity education program for ICT
students should we invest to ensure their comprehensive learning and engagement?

3. To what extent does the interactive and gamified cybersecurity education program enhance the
level of cybersecurity resilience among ICT students?
4. What are the perceptions of ICT students regarding the usefulness and effectiveness of the
interactive and gamified cybersecurity education program?

1.3 Hypothesis
The purpose of this study is to find out whether an interactive and game-based cyber security
education program can effectively improve the cyber security resilience of ICT students. The focus of
this study is the research question of whether an interactive and gamified approach increases
student engagement and motivation, leading to better retention of cybersecurity knowledge and
skills.

In addition, the study examines whether the program can help students develop a more active and
vigilant approach to cyber security, making them more resistant to cyber attacks and better
prepared to respond to security breaches.

The need for this research stems from the limitations of traditional cyber security education
approaches, which are often lecture-based and can be dry and uninspiring. In contrast, interactive
and gamified learning methods are likely to provide students with a more immersive and engaging
learning experience that is better suited to the dynamic and rapidly evolving cyber threat landscape.

The study compares the effectiveness of an interactive, game-based cyber security education
program with a traditional lecture-based program in terms of knowledge retention, skill
development, and cyber resilience. The study also examines the relationship between student
engagement and motivation and their performance in the program.

If the results of this study support the effectiveness of an interactive and game-based approach, this
may have important implications for the design of cyber security training programs for ICT students.
Incorporating interactive and playful learning methods into the curriculum can improve student
engagement and motivation, thus improving the retention of cybersecurity knowledge and skills,
and ultimately the cybersecurity resilience of future ICT professionals.

1.4 Significance of the study

Cybersecurity threats are increasing at an alarming rate, with cyberattacks becoming more
sophisticated and harder to prevent. In response, educational institutions and businesses are
prioritizing cybersecurity awareness and education. Having a knowledge in cybersecurity is
significant for students, teachers, administrators, and future researchers alike.

The study examines the effectiveness of an interactive and gamified cybersecurity education
program designed for ICT students. The use of interactive and gamified learning strategies is
becoming increasingly popular in educational settings, as they are believed to be more engaging and
effective in promoting learning outcomes. The study's findings could help to enhance cybersecurity
education programs and improve the cybersecurity resilience of students, educational institutions,
and businesses.
Students stand to benefit significantly from the study. The interactive and gamified cybersecurity
education program could help them develop the skills and knowledge necessary to protect
themselves and their future employers from cyber threats. The program could also make learning
more enjoyable and engaging, potentially increasing student motivation and interest in the field.

Teachers and administrators could also benefit from the study's findings. By incorporating the
interactive and gamified cybersecurity education program into their curriculum, they could improve
their students' cybersecurity knowledge and skills, which could enhance their ability to protect
themselves and others against cyber threats. Additionally, the program could help teachers and
administrators identify areas of weakness in their students' cybersecurity knowledge, allowing them
to adjust their instruction accordingly.

The study could also have significant implications for future research. The findings could inform the
development of new, innovative cybersecurity education programs that incorporate interactive and
gamified learning strategies. Future research could also examine the long-term effects of the
program on students' cybersecurity knowledge and skills and investigate the effectiveness of similar
programs for different populations.

In summary, the study on the effectiveness of an interactive and gamified cybersecurity education
program is significant for students, teachers, administrators, and future researchers. The findings
could help to enhance cybersecurity education programs, improve students' cybersecurity
resilience, and inform the development of new, innovative learning strategies for cybersecurity
education.

1.5 Scope & Deliminations of the study

This study aims to evaluate the effectiveness of an interactive and gamified cybersecurity education
program in enhancing the cybersecurity resilience of ICT students, particularly those enrolled in
ACLC Malolos. The study will focus on the following areas:

• The current state of cybersecurity education among ICT students

.• The design and implementation of an interactive and gamified cybersecurity education program
• The impact of the program on the cybersecurity knowledge, skills, and attitudes of ICT students in
ACLC Malolos
• The factors that influence the effectiveness of the program
• The potential for scaling up the program to other educational institutions

The study will have the following delimitations:

• The study will only involve ICT students enrolled in ACLC Malolos
• The study will only evaluate the effectiveness of an interactive and gamified cybersecurity
education program and will not compare it with other cybersecurity education programs
• The study will not cover the technical aspects of cybersecurity such as coding, hacking, and
penetration testing.
• The study will only cover the short-term impact of the program and will not evaluate its long-term
effects on the students' cybersecurity resilience
• The study will only focus on the factors that influence the effectiveness of the program within the
context of ACLC Malolos and may not be applicable to other educational institutions.

1.6 Definition of Terms

Cybersecurity: The practice of protecting computer systems, networks, and data from digital
attacks, theft, and damage.
Malware: Software designed to harm, steal, or disable computer systems or data, including viruses,
worms, and Trojan horses.
Phishing: The act of using fraudulent emails or websites to trick people into revealing sensitive
information, such as passwords or credit card numbers.
Cyberattack: An attempt to damage, disrupt, or gain unauthorized access to a computer system or
network.
Penetration Testing: The process of testing a computer system or network to identify vulnerabilities
and determine how well it can withstand a cyberattack.
DDoS: DDoS stands for "Distributed Denial of Service". It is a type of cyber attack where multiple
computers or devices are used to flood a target system, server or network with traffic, causing it to
become overwhelmed and unavailable to legitimate users.
Coding: Also known as programming, refers to the process of writing instructions in a programming
language that a computer can understand and execute. Coding involves creating software, web
applications, mobile apps, and other computer programs that perform specific tasks or solve
particular problems.
Hacking: refers to the act of using technical skills and knowledge to gain unauthorized access to
computer systems or networks.
Cyberthreat: refers to a potential or existing danger or risk of a cyber attack or other malicious
activity that can compromise the confidentiality, integrity, or availability of digital systems,
networks, or data.
Breaching: Refers to the act of bypassing or breaking through a security barrier or control to gain
unauthorized access to a computer system, network, or digital device.

References
"The Current State of Cybersecurity Education in K-12 Schools in the United States" by Chen, N., &
Anderson, C. (2020). This paper provides an overview of the current state of cybersecurity education
in K-12 schools in the US and offers recommendations for improving cybersecurity education for
students. Link: [Link]

"A Systematic Review of Cybersecurity Education and Training Research" by Lau, F., & Zhang, J.
(2021). This review summarizes the existing research on cybersecurity education and training and
identifies gaps and areas for future research. Link:
[Link]

"Measuring the Effectiveness of Cybersecurity Education Programs" by Brooks, R., & Anton, A.
(2019). This article discusses the challenges of measuring the effectiveness of cybersecurity
education programs and proposes a framework for assessing the impact of such programs. Link:
[Link]
rity_Education_Programs

"Cybersecurity Education and Training: Results of a Systematic Literature Review" by Azzam, A., &
Alghamdi, A. (2020). This paper presents the results of a systematic literature review of
cybersecurity education and training and identifies key themes and areas for future research. Link:
[Link]

"Designing Effective Cybersecurity Education Programs: A Review of the Literature" by Alrawi, O., &
Al-Shaer, E. (2020). This paper reviews the literature on designing effective cybersecurity education
programs and proposes a framework for designing such programs. Link:
[Link]

Submitted to:
Kim Jr Inutan