Gamifying Cyber Governance: A Virtual Escape Room to Transform Cybersecurity Policy Education
Serious games are gaining popularity as effective teaching and learning tools, providing engaging, interactive, and practical experiences for students. Gamified learning experiences, such as virtual escape rooms, have emerged as powerful tools in bridging theory and practice, fostering deeper understanding and engagement among students. This paper presents the design, implementation, and evaluation of a virtual escape room tailored specifically for cybersecurity governance and policy education. Developed as a 3D immersive environment, the escape room simulates a virtual company scenario to facilitate risk-informed cyber policy development. It consists of three interactive zones, each offering distinct sets of scenario-based problems that target specific educational objectives. Through these zones, students analyze cybersecurity risks, match security frameworks, and draft appropriate policies, thereby developing critical thinking, decision-making skills, and practical cybersecurity competencies. The primary contribution of this work lies in its innovative integration of game-based learning and immersive technology to create robust, interactive learning materials that are also resilient to generative AI interventions, thereby maintaining academic integrity. Additionally, the escape room provides students with exposure to real-world cybersecurity scenarios in a virtual office environment that meets industry expectations. Results from a student survey indicated strong positive feedback, highlighting significant improvements in students engagement, practical understanding, and enthusiasm toward cybersecurity governance and policy concepts, underscoring the effectiveness and potential of gamification in cybersecurity education.