Behaviour change is difficult to achieve and there are many models identifying the factors to affect such change but few have been applied in the security domain. This paper discusses the use of serious games to improve the security behaviour of end-users. A new framework, based upon literature findings, is proposed for future game design. The trust and privacy issues related to using serious games for improving security awareness and behaviour are highlighted.