Security Awareness Level Evaluation of Healthcare Participants Through Educational Games

The purpose of this paper consists of implementing an educational board game to evaluate the information security awareness level of healthcare personnel. The National Health Service Greater Glasgow and Clyde (NHSGGC) Information Security Acceptable Use Policy was used as a basis to generate the educational content of the board game and Lev Vygotsky’s social development theory was followed for the learning process of the participants. Two evaluations were carried out during this study. The results obtained during the first evaluation showed that it is fundamental to design the board game based on a set of rules in information security enacted by an organization to properly guide the participants with the knowledge they need to counter security incidents. The second evaluation showed that redesigning the content of the board game based on the information security policies of the NHSGGC, resulted in a more effective way of guiding participants on the procedures required for compliance with the policies of this health institution and offer them an understanding of the risks behind security incidents. This was demonstrated during this evaluation since the results obtained gave an approximation that it is possible to increase the level of awareness of information security in people regardless of their area of work or studies.