Lessons from preschool: gamification
‘Gamification’ – making a business activity into a sort of game - is very popular as a way to make training more engaging, as well as to test business planning and readiness and raise awareness of issues. In our business – information security – we use ‘tabletop scenario’ games: playing out, with a team, the response to some kind of fictional but realistic information security incident. Everyone agrees they are a great way to learn, to test and practice responses: but nobody really has any systematic way to measure their effectiveness – to assess their actual business value. In my semi-retirement I have continued my engagement with universities by supporting student projects in our field. This year I’m pleased to be working with a student on a project I proposed for his MSc Cyber Security dissertation. The idea is to come up with some systematic way to measure the business value of tabletop cyber scenario exercises. The problem with play is that everyone enjoys it but it isn’t easy to