Cybersecurity educational games are capable of meeting a variety of goals, including learning of fundamental cybersecurity concepts, exposure to cybersecurity literacy, basic awareness, experiential learning plus situational awareness, and being a medium for K-12 outreach, college level learning plus corporate training. Existing literature show that there have been several prior research surveys focusing on analyzing cybersecurity educational games from various viewpoints. However, to our knowledge, there has been no previous work that has analyzed cybersecurity educational games in terms of their alignment with the current benchmarks in academic & industry standards that include the cybersecurity curricular plus assessment guidelines in higher education, the K-12 standardized cybersecurity concepts, and the job-related requirements. In an effort to address this research gap, we use the CSEC2017 curricular guidelines, the Cybersecurity Assessment Tools (CATS) model, the NSA GenCyber security-first concepts, and the NICE framework, for performing a unique analysis of a list of popular cybersecurity educational games, including serious games and Capture The Flag (CTF) competitive games. Our non-traditional survey-based research work demonstrates a novel, multi-faceted approach for analyzing popular open-source cybersecurity educational games in terms of their alignment with the standard academic and industry benchmarks. Our survey results include mapping of these cyber educational games to the CSEC2017 curricular knowledge areas, the CATS concept inventory topics, including the Cybersecurity Concept Inventory (CCI), which pertains to basic first year concepts, and the Cybersecurity Curriculum Assessment (CCA), which contains core concepts and learning outcomes for a college graduate, the NSA GenCyber concepts, and NICE framework-based specialized skill sets. Our research provides a first-of its kind study and a user-friendly analysis of open-source cybersecurity educational games that can serve as an insightful reference for cybersecurity educators and other audiences in using these games.
