The digital transformation taking place in society is changing social behavior. Technical developments must be understood and designed in an acceptable user-friendly way. In line with the General Data Protection Regulation (GDPR) of the European Union (EU), information security (IS) must be in place for the use of mobile devices and services, in particular IS by design and IS by default. Nevertheless, the significant and associated hazards of abuse and organized crime must be prevented. Information security awareness (ISA) is a necessary response to the challenges ahead. IS and ISA must be an integrated part of these agendas. The goal of IS is to protect information of all types and origins. Psychologically based research shows that a systemic approach might be helpful in raising awareness. This is where game-based learning (GBL) comes into play. Psycho-logical studies show the great importance of emotionalizing when communicating IS knowledge and the reliable exchange of experience about IS. A new integration of analog serious games and different learning methods, called awareness training 3.0, is needed as a means to incorporate knowledge transfer, emotiona-lity, and team-based applications. This paper summarizes impor-tant scientific findings, transfers them to the practice of IS train-ings, and discusses examples.