RPG-Based Educational Game for Personal Data Security Awareness in Elementary School Students: A Design and Usability Study

Authors

  • Muhamad Rizal Fahlefi Universitas Muhammadiyah Magelang
  • Uky Yudatama Universitas Muhammadiyah Magelang
  • Dimas Sasongko Universitas Muhammadiyah Magelang https://orcid.org/0000-0002-2369-8080
  • Nuryanto Nuryanto Universitas Muhammadiyah Magelang
  • Setiya Nugroho Universitas Muhammadiyah Magelang
  • Purwono Hendradi Universitas Muhammadiyah Magelang

DOI:

https://doi.org/10.30996/jitcs.133044

Keywords:

cybersecurity education, game development life cycle, personal data security, RPG, role playing game, usability

Abstract

As more and more elementary school-aged children use the internet, they are more likely to be exposed to cybersecurity threats, especially when it comes to keeping their personal information safe. Various educational media have been developed to introduce cybersecurity concepts to children, but most remain passive and do not engage children in simulated real-life digital risk situations. This research addresses this gap by proposing an RPG-based educational game that integrates personal data security concepts into gameplay missions tailored to the cognitive characteristics of children aged 10–12. The goal of this study was to create and assess an educational game that could serve as a substitute learning tool for personal data security. The game was developed using the Game Development Life Cycle framework and implemented using RPG Maker MV. Usability testing involved 20 elementary school students and was carried out through direct observation of 13 game scenes. The success rate indicates the number of students who were able to complete each scene independently. The test results showed that the beginning and end of the game had low success rates, indicating issues with text readability, navigation clarity, and reflective elements. The results showed that iterative improvements in the beta phase improved interface clarity and the gameplay experience. The findings in this study indicate that usability-based improvements have an important role in the design of educational games for children, and RPG-based educational games have the potential to be interactive and contextual personal data security education media.

Downloads

Download data is not yet available.

Author Biographies

Muhamad Rizal Fahlefi, Universitas Muhammadiyah Magelang

Department of Informatics Engineering

Uky Yudatama, Universitas Muhammadiyah Magelang

Department of Informatics Engineering

Dimas Sasongko, Universitas Muhammadiyah Magelang

Department of Informatics Engineering

Nuryanto Nuryanto, Universitas Muhammadiyah Magelang

Department of Informatics Engineering

Setiya Nugroho, Universitas Muhammadiyah Magelang

Department of Informatics Engineering

Purwono Hendradi, Universitas Muhammadiyah Magelang

Department of Informatics Engineering

References

Alguliyev, R. M., Abdullayeva, F. J., & Ojagverdiyeva, S. S. (2021). Log-File Analysis to Identify Internet-addiction in Children. International Journal of Modern Education and Computer Science (IJMECS), 13(5), 23-31. doi:https://doi.org/10.5815/ijmecs.2021.05.03

Alguliyev, R., & Ojagverdieva, S. (2019). Conceptual Model of National Intellectucal System for Children Safety in Internet Environment. International Journal of Computer Network and Information Security (IJCNIS), 11(3), 40-47. doi:https://doi.org/10.5815/ijcnis.2019.03.06

Ariyana, R. Y., Susanti, E., Ath-Thaariq, M. R., & Apriadi, R. (2022). Penerapan Metode Game Devlopment Life Cycle (GDLC) pada Pengembangan Game Motif Batik Khas Yogyakarta. INSOLOGI: Jurnal Sains dan Teknologi, 1(6), 796-807. doi:https://doi.org/10.55123/insologi.v1i6.1129

Chueca, J., Verón, J., Font, J., Pérez, F., & Cetina, C. (2024). The consolidation of game software engineering: A systematic literature review of software engineering for industry-scale computer games. Information and Software Technology, 165. doi:https://doi.org/10.1016/j.infsof.2023.107330

Fujiati, F., & Rahayu, S. L. (2020). Implementasi Algoritma Fisher Yate Shuffle Pada Game Edukasi Sebagai Media Pembelajaran. Cogito Smart Journal, 6(1), 1–11. doi:https://doi.org/10.31154/cogito.v6i1.174.1-11

Hill, W. A., Fanuel, M., Yuan, X., Zhang, J., & Sajad, S. (2020). A Survey of Serious Games for Cybersecurity Education and Training. KSU Proceedings on Cybersecurity Education, Research and Practice. Retrieved January 24, 2026, from https://digitalcommons.kennesaw.edu/ccerp/2020/Research/7/

Jony, A. I., & Hamim, S. A. (2023). Navigating the Cyber Threat Landscape: A Comprehensive Analysis of Attacks and Security in the Digital Age. Journal of Information Technology and Cyber Security, 1(2), 53–67. doi:https://doi.org/10.30996/jitcs.9715

Kuzminykh, I., Yevdokymenko, M., Yeremenko, O., & Lemeshko, O. (2021). Increasing Teacher Competence in Cybersecurity Using the EU Security Frameworks. International Journal of Modern Education and Computer Science (IJMECS), 13(6), 60-68. doi:https://doi.org/10.5815/ijmecs.2021.06.06

Meitarice, S., Febyana, L., Fitriansyah, A., Kurniawan, R., & Nugroho, R. A. (2024). Risk Management Analysis of Information Security in an Academic Information System at a Public University in Indonesia: Implementation of ISO/IEC 27005:2018 and ISO/IEC 27001:2013 Security Controls. Journal of Information Technology and Cyber Security, 2(2), 58–75. doi:https://doi.org/10.30996/jitcs.12099

Ng, C. Y., & Hasan, M. K. (2025). Cybersecurity serious games development: A systematic review. Computers & Security, 150. doi:https://doi.org/10.1016/j.cose.2024.104307

Quayyum, F., Cruzes, D. S., & Jaccheri, L. (2021). Cybersecurity awareness for children: A systematic literature review. International Journal of Child-Computer Interaction, 30. doi:https://doi.org/10.1016/j.ijcci.2021.100343

Rifai, M. A., Armansyah, R. A., & Hashbillah, M. R. (2024). Keamanan Internet Untuk Anak Dibawah Usia 17 Tahun. Journal of Informatics and Information Security, 5(2), 59-72. doi:https://doi.org/10.31599/pf56qp88

Sağlam, R. B., Miller, V., & Franqueira, V. N. (2023). A Systematic Literature Review on Cyber Security Education for Children. IEEE Transactions on Education, 66(3), 274-286. doi:https://doi.org/10.1109/TE.2022.3231019

Sasongko, D., & Purwandari, S. (2023). Penerapan Metode Addie pada Pengembangan Komik Interaktif sebagai Media Edukasi Keamanan Data Pribadi bagi Anak. Jurnal Indonesia: Manajemen Informatika dan Komunikasi, 4(3), 698-708. Retrieved January 24, 2026, from https://journal.stmiki.ac.id/index.php/jimik/article/view/267

Supangat, S., Amna, A. R., & Rochman, M. Y. (2025). Penetration Testing and Vulnerability Analysis of SINTA Platform to Strengthen Privacy and Data Protection. Journal of Information Technology and Cyber Security, 3(2), 79–83. doi:https://doi.org/10.30996/jitcs.12216

UNICEF Indonesia. (2025, February). Pengetahuan dan Kebiasaan Daring Anak di Indonesia: Sebuah Kajian Dasar 2023. Retrieved January 24, 2026, from UNICEF Indonesia: https://www.unicef.org/indonesia/id/perlindungan-anak/laporan/pengetahuan-dan-kebiasaan-daring-anak-di-indonesia-sebuah-kajian-dasar-2023

Videnovik, M., Vold, T., Kiønig, L., & Trajkovik, V. (2025). Game Strategies to Engage and Empower Students: A Study on Perceptions of Cybersecurity Lesson. International Journal of Game-Based Learning (IJGBL), 15(1). doi:https://doi.org/10.4018/IJGBL.391304

Widjaja, J. A., Jefferson, L., Siahaan, M. F., & Chow, A. (2024). Utilizing Game Development Life Cycle Method to Develop an Educational Game for Basic Mathematics Using Unity 2D Game Engine. International Journal of Computer Science and Information Technology, 1(1), 20-30. doi:https://doi.org/10.55123/ijisit.v1i1.6

Zhang-Kennedy, L., & Chiasson, S. (2017). Cyberheroes: An Interactive Ebook for Improving Children’s Online Privacy. HCI ’17: Proceedings of the 31st British Computer Society Human Computer Interaction Conference. doi:http://dx.doi.org/10.14236/ewic/HCI2017.66

Zhang-Kennedy, L., Baig, K., & Chiasson, S. (2017). Engaging Children About Online Privacy Through Storytelling in an Interactive Comic. HCI ’17: Proceedings of the 31st British Computer Society Human–Computer Interaction Conference. doi:https://doi.org/10.14236/ewic/HCI2017.45

Zhang-Kennedy, L., Biddle, R., & Chiasson, S. (2017). Secure Comics: An Interactive Comic Series for Improving Cyber Security and Privacy. HCI ’17: Proceedings of the 31st British Computer Society Human Computer Interaction Conference. doi:http://dx.doi.org/10.14236/ewic/HCI2017.65

Downloads

Published

2026-01-28

How to Cite

Fahlefi, M. R., Yudatama, U., Sasongko, D., Nuryanto, N., Nugroho, S., & Hendradi, P. (2026). RPG-Based Educational Game for Personal Data Security Awareness in Elementary School Students: A Design and Usability Study. Journal of Information Technology and Cyber Security, 4(1), 16–25. https://doi.org/10.30996/jitcs.133044

Issue

Vol. 4 No. 1 (2026): January

Section

Research Article

License

Copyright (c) 2026 The Author(s)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

 

Copyright Notice based on COPE (Committee on Publication Ethics) for JITCS: Journal of Information Technology and Cyber Security

  1. Ownership and Copyright:

    1. JITCS: Journal of Information Technology and Cyber Security respects the intellectual property rights of authors. The copyright for individual articles published in JITCS is retained by the respective authors, unless otherwise specified.
    2. The articles published in JITCS are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND 4.0), which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial, and no modifications or adaptations are made.
    3. JITCS serves as the initial publisher of the articles, providing them with the first publication platform.

  2. Permissions and Usage:

    1. Distribution for Non-Commercial Purposes: Permitted: Users are allowed to distribute the article for non-commercial purposes, provided the original work is properly cited and no modifications or adaptations are made.
    2. Distribution for Commercial Purposes: Not Permitted: The article may not be distributed for any commercial purposes without obtaining prior written permission from the author(s).
    3. Inclusion in a Collective Work (e.g., Anthology) for Non-Commercial Purposes: Permitted: Users are allowed to include the article in a collective work, such as an anthology, as long as the use is non-commercial and the work remains unchanged.
    4. Inclusion in a Collective Work for Commercial Purposes: Not Permitted: The article may not be included in any collective work or anthology intended for commercial purposes without prior permission from the author(s).
    5. Creation and Distribution of Revised Versions, Adaptations, or Derivative Works (e.g., Translation) for Non-Commercial Purposes: Not Permitted: Users may not create or distribute revised versions, adaptations, or derivative works, including translations, for non-commercial purposes.
    6. Creation and Distribution of Revised Versions, Adaptations, or Derivative Works for Commercial Purposes: Not Permitted: Users may not create or distribute revised versions, adaptations, or derivative works, including translations, for commercial purposes.
    7. Text or Data Mining for Non-Commercial Purposes: Permitted: Users are permitted to engage in text or data mining of the article for non-commercial research purposes, provided the original work is properly attributed.
    8. Text or Data Mining for Commercial Purposes: Not Permitted: Users may not engage in text or data mining of the article for commercial purposes without obtaining explicit permission from the author(s).

  3. Attribution and Citation:

    1. Proper attribution and citation of the published work should be provided when using or referring to content from JITCS. This includes clearly indicating the authors, the title of the article, the journal name (JITCS), the volume/issue number, the publication year, and the article's DOI (Digital Object Identifier) when available.
    2. When adapting or modifying the published content, proper attribution to the original source should be given, and the adapted or modified content should be shared under the same CC BY-NC-ND 4.0 license.

  4. Plagiarism and Copyright Infringement:

    1. JITCS considers plagiarism and copyright infringement as serious ethical violations. Authors are responsible for ensuring that their submitted work is original and does not infringe upon the copyright or intellectual property rights of others.
    2. Any allegations of plagiarism or copyright infringement will be investigated promptly and thoroughly. If proven, appropriate actions, including rejection of the manuscript, retraction of the published article, or other corrective measures, will be taken.

  5. Open Access Licensing:

    1. JITCS supports open access publishing and encourages authors to consider publishing their work under the CC BY-NC-ND 4.0 license to promote the dissemination and use of knowledge in the field of information technology and cyber security.
    2. The specific terms and conditions of the CC BY-NC-ND 4.0 license will be clearly indicated on the published articles.

  6. Policy Review: This Copyright Notice will be periodically reviewed and updated to ensure its continued relevance and compliance with copyright laws, ethical standards, and open access principles in scholarly publishing. Any updates or revisions to the notice will be communicated to the relevant stakeholders.

By adhering to this Copyright Notice, JITCS aims to protect the rights of authors, promote proper attribution and citation practices, and facilitate the responsible and legal use of the published content in accordance with the CC BY-NC-ND 4.0 license.