Creating interactive narratives.

Designers should create interactive narratives with hidden object elements to enhance players' self-efficacy in cybersecurity by placing characters in authentic breach contexts.

About this paper

The author designed and evaluated 'Hacked Time,' a desktop game aimed at improving player self-efficacy and security attitude by using Bandura's self-efficacy design framework.

A randomized control trial with 178 participants showed that the game effectively enhanced players' confidence and attitudes toward using cybersecurity tools.

Here are some methods used in this study:

Randomized Control Trial Ancova

Which part of the paper did the design guideline come from?

“The result from ANCOVA (Figure 7) indicated that participants in different conditions showed significant change in their self-efficacy as well as their response efficacy. A post-hoc analysis showed that participants in the game condition scored significantly higher in both self-efficacy and response efficacy in comparison to the information only and control groups. For self-efficacy, the information only group showed significantly higher self-efficacy compared to the control group. There is no (...)” (‘Self-efficacy and response efficacy’ section)

Chen, T., Stewart, M., Bai, Z., Chen, E., Dabbish, L., & Hammer, J. (2020). Hacked Time. Proceedings of the 2020 ACM Designing Interactive Systems Conference.

Inspiration and scope

This paper focuses on player characteristics related to increasing self-efficacy in cybersecurity through interactive game design.

You are designing for Google's Android Security team, targeting experienced bug reporters aiding in bug replication and fixing. Your design context and the paper's context differ: the paper addresses a broad audience with various cybersecurity expertise levels, while your design caters to seasoned bug reporters. At the same time, both aim to empower users. The paper boosts players' confidence in cybersecurity, and you aim to help bug reporters give accurate reports through guidance and interactivity.

Also, they differ because the paper involves iterative interactions to build self-efficacy, whereas your design focuses on efficient bug reporting. At the same time, both designs need clear communication. The academic context uses clear instructions to teach cybersecurity, while your design has clear fields and feedback for effective details.

Leveraging these similarities, consider designing an interactive bug reporting form with contextual tips, dynamic fields, and immediate feedback. This guides bug reporters and boosts their confidence, helping analysts replicate and fix bugs accurately.

Your input

  • What: I'm designing for Google Android's Security team. Specifically their bug reporting form where users can report their bugs.
  • Who: The users are bug reporters who are experienced in describing digital security bugs and provide enough detail that security analysts can replicate those bugs to fix them.
  • Design stage: Research, Ideation, Evaluation

Understanding users

The following user needs and pain points may apply to your design target as well:

Enhanced User Empowerment

Design should focus on empowering bug reporters by creating well-structured and user-friendly forms that guide them to provide detailed and replicable reports. This can enhance their confidence and the perceived value of their input.

Clear Communication and Guidance

Forms must have clear instructions and feedback mechanisms that reduce confusion. This ensures that bug reporters can provide the necessary details accurately, helping security analysts to reproduce and address the issues efficiently.

Design ideas

Consider the following components for your design:

1

Implement dynamic form fields that adapt based on the entered bug category or keywords.

2

Include contextual tips and hints that provide immediate guidance as users fill out the form.

3

Integrate a system for real-time feedback that checks for completeness and suggests improvements before submission.

Methods for you

Consider the following method(s) used in this paper for your design work:

Playtesting

Playtesting can help designers gain insights into how users interact with and comprehend the bug reporting form. Designers should ensure that the playtest participants closely resemble their actual target users to get relevant feedback.

Iterative Prototyping

Iterative prototyping involves creating multiple versions of the design, making incremental improvements based on user feedback and usability testing. Designers should collect comprehensive feedback after each iteration to ensure continuous improvement.

Metrics for you

Consider the following metric(s) used in this paper to evaluate your design work:

Self-Efficacy

Using self-efficacy as a metric helps assess the users' belief in their ability to describe and report bugs accurately, enhancing bug report quality. When evaluating this metric, consider ensuring that users receive clear guidelines and tooltips to support their confidence in filling out the form.

Response Efficacy

Using response efficacy as a metric helps determine whether bug reporters believe that the bug reporting process effectively reaches and is acted upon by the security team. Ensure clarity and visible feedback loops so reporters feel their detailed input leads to actionable outcomes.

[Figure 2] From this figure, you can gain insights on applying a design framework to improve users' self-efficacy, which could be beneficial in enhancing the bug reporting experience.