Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Method of Conducting the Review
Research Questions
Full Text Reading and Data Extraction
Limitations
Results
How Are the Collected Data Analyzed?
Discussion and Conclusions
Summary of the Observed Trends
Implications of This Literature Review
References
All Topics
Political Science
International Relations

What Are Cybersecurity Education Papers About?

Profile image of Valdemar ŠvábenskýValdemar Švábenský

2020, Proceedings of the 51st ACM Technical Symposium on Computer Science Education

https://doi.org/10.1145/3328778.3366816
visibility

description

7 pages

link

1 file

Abstract

Cybersecurity is now more important than ever, and so is education in this field. However, the cybersecurity domain encompasses an extensive set of concepts, which can be taught in different ways and contexts. To understand the state of the art of cybersecurity education and related research, we examine papers from the ACM SIGCSE and ACM ITiCSE conferences. From 2010 to 2019, a total of 1,748 papers were published at these conferences, and 71 of them focus on cybersecurity education. The papers discuss courses, tools, exercises, and teaching approaches. For each paper, we map the covered topics, teaching context, evaluation methods, impact, and the community of authors. We discovered that the technical topic areas are evenly covered (the most prominent being secure programming, network security, and offensive security), and human aspects, such as privacy and social engineering, are present as well. The interventions described in SIGCSE and ITiCSE papers predominantly focus on tertiary education in the USA. The subsequent evaluation mostly consists of collecting students' subjective perceptions via questionnaires. However, less than a third of the papers provide supplementary materials for other educators, and none of the authors published their dataset. Our results provide orientation in the area, a synthesis of trends, and implications for further research. Therefore, they are relevant for instructors, researchers, and anyone new in the field of cybersecurity education. The information we collected and synthesized from individual papers are organized in a publicly available dataset.

Related papers

Pedagogical Approach to Effective Cybersecurity Teaching
Martin Serpell

Transactions on Edutainment XV

Initial research ruled out many factors that were thought may correlate to student academic performance. Finally, a strong correlation was found between their academic performance and their motivation. Following on from this research teaching practice was restructured to improve student motivation, engagement, and interest in cybersecurity by contextualizing teaching material with current real-world scenarios. This restructuring led to a very significant improvement in student academic performance, engagement and interest in cybersecurity. Students were found to attend more of their lectures and practical sessions and that this had a strong positive correlation with their academic performance.

View PDFchevron_right
Education in Cybersecurity
Dumitru Ciorba

Central and Eastern European eDem and eGov Days, 2022

The article addresses education as the smartest investment in cybersecurity. One of the most intriguing findings is that 95% of security incidents involve human errors. Most security attacks are concerned with human weakness to attract victims and persuade them to give involuntary access to personal and sensitive information. To eliminate errors caused by social engineering and negligence and to increase users’ awareness of the threats, technologies and services should be combined with education. Education in the field of cybersecurity is a necessary consideration for both individuals and families, as well as for businesses, governments and educational institutions. For families and parents, the online safety of children is of major importance. Equally essential is the protection of information that might affect your personal finances, and precious family assets, such as photos, videos etc. For educational institutions, it is important to understand the link between the online world...

View PDFchevron_right
Course Development in the Cybersecurity Curriculum
Janusz Zalewski

2019

The paper offers a discussion of fundamental concepts of cybersecurity, aimed at use in technical education at the college level. After outlining some of the existing approaches to curriculum design, as presented in guidelines developed by professional organizations, the authors address the issue of teaching basic concepts and principles of cybersecurity, with examples from their own courses in the undergraduate software engineering program at

View PDFchevron_right
Challenges and reflections in designing Cyber security curriculum
Henrique Santos

2017 IEEE World Engineering Education Conference (EDUNINE)

Recently it has been noticed an increased number of cyber-incidents, sometimes causing seriously impact to organizations and governments. Cyberattacks exploits a variety of technological and social vulnerabilities to achieve a malicious objective. The emergence of new and sophisticated Cyberthreats demand very skilled operators with a solid knowledge about concepts and technologies related to Cybersecurity and Cyberdefense. However, the landscape of this base knowledge is very diverse in nature, requiring agile learning methods, besides a very demanding training process limited by the intrinsic technology's complexity and broad range of application domains. Although existing Cybersecurity and Cyberdefense curricula spans a wide array of topics and training strategies, its programs content lack focus on some particular aspect, like depth of education/training and its link to professional development. This paper intends to provide some reflections regarding the curricula contents that should be considered when a graduate level curriculum in cybersecurity is designed.

View PDFchevron_right
Three Reasons for Improving Cybersecurity Instruction and Practice in Schools
elaine reeder

2018

Information security, or cybersecurity, has become a critical field for modern society. While they may not seem it, schools are a critical battleground for these cybersecurity issues. On the business side, schools maintain sensitive records about students and parents that would be a treasure trove for identity thieves. In their classrooms, high-speed Internet connections and the adoption of 1-to-1 computing and the Internet of Things make school networks an appealing target for hackers looking to build botnets. Meanwhile, the instruction provided is expected to prepare all students with the necessary skills to be productive in a cyber-centric society and encourage a few of them to become the cyber guardians of tomorrow. This paper is a thought-piece intended to raise educator awareness of cybersecurity issues by exploring the world of cybersecurity and providing three reasons why schools should take cybersecurity issues seriously in their administration and their classrooms. The fie...

View PDFchevron_right
Developing and Implementing a Cybersecurity Course for Middle School
Hillary Fleenor

2019

Investing in raising a generation with more security-aware minds is vital in preventing many of the security incidents that threaten individuals, organizations, businesses and nations today. In addition, there is a high need for well-trained cybersecurity professionals to protect our networks, computer systems, and infrastructure. Early exposure to basic cybersecurity concerns and concepts is key to developing awareness, piquing student interest, and laying foundation for more complex skill development. In this work, authors present their work developing a middle school cybersecurity curriculum for U.S. grade 8 students. This includes standards, objectives, and lessons for implementation within a year-long business and computer science course. The authors also share their experience and results from piloting the curriculum with nearly sixty grade 8 students in two classes at a Title I middle school in Columbus, GA during the 2017–2018 school year. A comparison of pre and post test r...

View PDFchevron_right
National Cybersecurity Education: Bridging Defense to Offense
Maurice Dawson

Land Forces Academy Review, 2020

Defense Secretary Robert Gates approved the creation of a unified cyber command under the Obama Administration that was focused on cyber operations. This organization was to oversee the protection of government networks against cyber threats known and unknown. Coupled with growing attacks on national infrastructure, digital theft of intellectual property, and election meddling has the United States government actively working to develop cybersecurity talent. Some of the changes that have come as a result are more specialized degree program accreditation, technical frameworks, and policies to help usher this realization of the need to address the shortage of talent for today's mission.

View PDFchevron_right
Educational modules and research surveys on critical cybersecurity topics
Lixin Wang

International Journal of Distributed Sensor Networks, 2020

Cybersecurity comprised all the technologies and practices that protect data as well as computer and network systems. In this article, we develop four course modules on critical cybersecurity topics that can be adopted in college-level cybersecurity courses in which these topics are covered. Our goal for developing these course modules with the hands-on labs is to increase students’ understanding and hands-on experiences on these critical topics that support cyber skills development for college students. The hands-on labs are designed to enhance students’ engagement and provide them hands-on experiences with real-world cyber activities to augment their cyber education of both foundational and advanced skills. We also conduct research surveys on the most-recent significant research in these critical cybersecurity fields. These cybersecurity course modules with the labs are also designed to help college/university professors enhance and update their cybersecurity course content, activ...

View PDFchevron_right
Journal of Homeland Security Education Paradigms for Cybersecurity Education in a Homeland Security
James Ramsay

2014

Cybersecurity threats to the nation are growing in intensity, frequency, and severity and are a very real threat to the security of the country. Academia has responded to a wide variety of homeland security (HS) threats to the nation by creating formal curricula in the field, although these programs almost exclusively focus on physical threats (e.g., terrorist attacks, and natural and man-made disasters), law and policy and transportation. Although cybersecurity programs are commonly available in U.S. colleges and universities, they are invariably offered as a technical course of study nested within engineering (or other STEM) programs. We observe that technical and calculus-based courses might not be well suited to HS students and do not necessarily meet a broad suite of professional needs in this discipline. As a result, cybersecurity principles, and strategies tend to be under-represented in the typical HS program. This paper proposes paradigms that could be included in a cyberse...

View PDFchevron_right
Pedagogic Challenges in Teaching Cyber Security -- a UK Perspective
Harjinder Lallie

arXiv (Cornell University), 2014

Cyber security has become an issue of national concern in the UK, USA and many other countries worldwide. Universities have reacted to this by launching numerous cyber security degree programmes. In this paper we explore the structure of these degrees and in particular highlight the challenges faced by academics teaching on them. We explore the issues relating to student expectations and the CSI effect in students entering cyber security. We highlight the science vs tools debate to bring focus to some of the pedagogic tensions between students/industry and the academics who teach on the degree courses. Cyber security is subject to numerous ethical issues and nowhere is this more so than in a university environment. We analyse some of the ethical teaching related issues in cyber security. This paper will be of interest to professionals in industry as well as academics interested in exploring the shape, flavour and structure of cyber security related degree courses and also the challenges presented to the academics that teach these degrees.

View PDFchevron_right

References (47)

  1. Brett A. Becker and Keith Quille. 2019. 50 Years of CS1 at SIGCSE: A Review of the Evolution of Introductory Programming Education Research. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 338-344. https://doi.org/10.1145/3287324.3287432
  2. Tanner J. Burns, Samuel C. Rios, Thomas K. Jordan, Qijun Gu, and Trevor Un- derwood. 2017. Analysis and Exercises for Engaging Beginners in Online CTF Competitions for Security Education. In 2017 USENIX Workshop on Advances in Security Education (ASE 17). USENIX Association, Vancouver, BC, 9. https: //www.usenix.org/conference/ase17/workshop-program/presentation/burns
  3. Krzysztof Cabaj, Dulce Domingos, Zbigniew Kotulski, and Ana Respício. 2018. Cybersecurity education: Evolution of the discipline and analysis of master programs. Computers & Security 75 (2018), 24-35. https://doi.org/10.1016/j.cose. 2018.01.015
  4. Justin Cappos and Richard Weiss. 2014. Teaching the Security Mindset with Reference Monitors. In Proceedings of the 45th ACM Technical Symposium on Computer Science Education (SIGCSE '14). ACM, New York, NY, USA, 523-528. https://doi.org/10.1145/2538862.2538939
  5. Benedict Chukuka and Michael Locasto. 2016. A Survey of Ethical Agreements in Information Security Courses. In Proceedings of the 47th ACM Technical Sym- posium on Computing Science Education (SIGCSE '16). ACM, New York, NY, USA, 479-484. https://doi.org/10.1145/2839509.2844580
  6. Pranita Deshpande and Irfan Ahmed. 2019. Topological Scoring of Concept Maps for Cybersecurity Education. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 731-737. https://doi.org/10.1145/3287324.3287495
  7. Michael H. Dunn and Laurence D. Merkle. 2018. Assessing the Impact of a National Cybersecurity Competition on Students' Career Interests. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education (SIGCSE '18). ACM, New York, NY, USA, 62-67. https://doi.org/10.1145/3159450.3159462
  8. Serge Egelman, Julia Bernd, Gerald Friedland, and Dan Garcia. 2016. The Teaching Privacy Curriculum. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education (SIGCSE '16). ACM, New York, NY, USA, 591-596. https://doi.org/10.1145/2839509.2844619
  9. Damjan Fujs, Anže Mihelič, and Simon L. R. Vrhovec. 2019. The Power of Interpretation: Qualitative Methods in Cybersecurity Research. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES '19). ACM, New York, NY, USA, 92:1-92:10. https://doi.org/10.1145/3339252.3341479
  10. Binto George, Martha Klems, and Anna Valeva. 2013. A Method for Incorporating Usable Security into Computer Security Courses. In Proceeding of the 44th ACM Technical Symposium on Computer Science Education (SIGCSE '13). ACM, New York, NY, USA, 681-686. https://doi.org/10.1145/2445196.2445395
  11. Sara Hooshangi, Richard Weiss, and Justin Cappos. 2015. Can the Security Mindset Make Students Better Testers?. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). ACM, New York, NY, USA, 404-409. https://doi.org/10.1145/2676723.2677268
  12. Petri Ihantola, Arto Vihavainen, Alireza Ahadi, Matthew Butler, Jürgen Börstler, Stephen H. Edwards, Essi Isohanni, Ari Korhonen, Andrew Petersen, Kelly Rivers, Miguel Ángel Rubio, Judy Sheard, Bronius Skupas, Jaime Spacco, Claudia Szabo, and Daniel Toll. 2015. Educational Data Mining and Learning Analytics in Programming: Literature Review and Case Studies. In Proceedings of the 2015 ITiCSE on Working Group Reports (ITICSE-WGR '15). ACM, New York, NY, USA, 41-63. https://doi.org/10.1145/2858796.2858798
  13. ISC) 2 . 2018. Cybersecurity Professionals Focus on Developing New Skills as Work- force Gap Widens. Technical Report. Cybersecurity Workforce Study.
  14. Ge Jin, Manghui Tu, Tae-Hoon Kim, Justin Heffron, and Jonathan White. 2018. Game Based Cybersecurity Training for High School Students. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education (SIGCSE '18). ACM, New York, NY, USA, 68-73. https://doi.org/10.1145/3159450.3159591
  15. Association for Computing Machinery (ACM) Joint Task Force on Comput- ing Curricula and IEEE Computer Society. 2013. Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science. ACM, New York, NY, USA. https://doi.org/10.1145/2534860
  16. Joint Task Force on Cybersecurity Education. 2017. Cybersecurity Curricular Guideline. Retrieved November 25, 2019 from http://cybered.acm.org/
  17. Keith S. Jones, Akbar Siami Namin, and Miriam E. Armstrong. 2018. The Core Cyber-Defense Knowledge, Skills, and Abilities That Cybersecurity Students Should Learn in School: Results from Interviews with Cybersecurity Professionals. ACM Trans. Comput. Educ. 18 (2018), 11:1-11:12. https://doi.org/10.1145/3152893
  18. Niakam Kazemi and Shiva Azadegan. 2010. IPsecLite: A Tool for Teaching Security Concepts. In Proceedings of the 41st ACM Technical Symposium on Computer Science Education (SIGCSE '10). ACM, New York, NY, USA, 138-142. https: //doi.org/10.1145/1734263.1734312
  19. Hieke Keuning, Johan Jeuring, and Bastiaan Heeren. 2018. A Systematic Literature Review of Automated Feedback Generation for Programming Exercises. ACM Trans. Comput. Educ. 19, 1 (Sept. 2018), 3:1-3:43. https://doi.org/10.1145/3231711
  20. Barbara Kitchenham and Stuart Charters. 2007. Guidelines for performing Sys- tematic Literature Reviews in Software Engineering. Technical Report. EBSE.
  21. J Richard Landis and Gary G Koch. 1977. The measurement of observer agreement for categorical data. Biometrics 33, 1 (1977), 159-174.
  22. Andrew Luxton-Reilly, Simon, Ibrahim Albluwi, Brett A. Becker, Michail Gian- nakos, Amruth N. Kumar, Linda Ott, James Paterson, Michael James Scott, Judy Sheard, and Claudia Szabo. 2018. Introductory Programming: A Systematic Liter- ature Review. In Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE 2018 Compan- ion). ACM, New York, NY, USA, 55-106. https://doi.org/10.1145/3293881.3295779
  23. Jun Ma, Jun Tao, Jean Mayo, Ching-Kuang Shene, Melissa Keranen, and Chaoli Wang. 2016. AESvisual: A Visualization Tool for the AES Cipher. In Proceedings of the 2016 ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE '16). ACM, New York, NY, USA, 230-235. https://doi.org/10. 1145/2899415.2899425
  24. Naja A. Mack, Kevin Womack, Earl W. Huff Jr., Robert Cummings, Negus Dowling, and Kinnis Gosha. 2019. From Midshipmen to Cyber Pros: Training Minority Naval Reserve Officer Training Corp Students for Cybersecurity. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 726-730. https://doi.org/10.1145/3287324.3287500
  25. Lauri Malmi. 2015. Can We Show an Impact? ACM Inroads 6, 1 (Feb. 2015), 30-31. https://doi.org/10.1145/2727129
  26. Monique Mezher and Ahmed Ibrahim. 2019. Introducing Practical SHA-1 Colli- sions to the Classroom. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 879-884. https://doi.org/10.1145/3287324.3287446
  27. Allen Parrish, John Impagliazzo, Rajendra K. Raj, Henrique Santos, Muham- mad Rizwan Asghar, Audun Jøsang, Teresa Pereira, and Eliana Stavrou. 2018. Global Perspectives on Cybersecurity Education for 2030: A Case for a Meta- discipline. In Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE 2018 Compan- ion). ACM, New York, NY, USA, 36-54. https://doi.org/10.1145/3293881.3295778
  28. Kai Petersen, Robert Feldt, Shahid Mujtaba, and Michael Mattsson. 2008. Sys- tematic Mapping Studies in Software Engineering. In Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineer- ing (EASE'08). BCS Learning & Development Ltd., Swindon, UK, 68-77. http: //dl.acm.org/citation.cfm?id=2227115.2227123
  29. Kai Petersen, Sairam Vakkalanka, and Ludwik Kuzniarz. 2015. Guidelines for conducting systematic mapping studies in software engineering: An update. Information and Software Technology 64 (2015), 1 -18. https://doi.org/10.1016/j. infsof.2015.03.007
  30. Computing Research and Education Association of Australasia. 2016. CORE. Retrieved November 25, 2019 from http://www.core.edu.au/
  31. Khaled Salah. 2014. Harnessing the Cloud for Teaching Cybersecurity. In Proceed- ings of the 45th ACM Technical Symposium on Computer Science Education (SIGCSE '14). ACM, New York, NY, USA, 529-534. https://doi.org/10.1145/2538862.2538880
  32. Michael Skirpan, Jacqueline Cameron, and Tom Yeh. 2018. Quantified Self: An Interdisciplinary Immersive Theater Project Supporting a Collaborative Learning Environment for CS Ethics. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education (SIGCSE '18). ACM, New York, NY, USA, 946-951. https://doi.org/10.1145/3159450.3159574
  33. Madiha Tabassum, Stacey Watson, Bill Chu, and Heather Richter Lipford. 2018. Evaluating Two Methods for Integrating Secure Programming Education. In Proceedings of the 49th ACM Technical Symposium on Computer Science Educa- tion (SIGCSE '18). ACM, New York, NY, USA, 390-395. https://doi.org/10.1145/ 3159450.3159511
  34. Blair Taylor and Siddharth Kaza. 2011. Security Injections: Modules to Help Students Remember, Understand, and Apply Secure Coding Techniques. In Proceedings of the 16th Annual Joint Conference on Innovation and Technology in Computer Science Education (ITiCSE '11). ACM, New York, NY, USA, 3-7. https://doi.org/10.1145/1999747.1999752
  35. Clark Taylor, Pablo Arias, Jim Klopchic, Celeste Matarazzo, and Evi Dube. 2017. CTF: State-of-the-Art and Building the Next Generation. In 2017 USENIX Work- shop on Advances in Security Education (ASE 17). USENIX Association, Van- couver, BC, 11. https://www.usenix.org/conference/ase17/workshop-program/ presentation/taylor
  36. Cynthia Taylor and Saheel Sakharkar. 2019. ');
  37. DROP TABLE Textbooks;-: An Argument for SQL Injection Coverage in Database Textbooks. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 191-197. https://doi.org/10.1145/3287324.3287429
  38. Maxim Timchenko and David Starobinski. 2015. A Simple Laboratory Environ- ment for Real-World Offensive Security Education. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). ACM, New York, NY, USA, 657-662. https://doi.org/10.1145/2676723.2677225
  39. Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupé, Yanick Fratan- tonio, Luca Invernizzi, Dhilung Kirat, and Yan Shoshitaishvili. 2014. Ten Years of iCTF: The Good, The Bad, and The Ugly. In 2014 USENIX Summit on Gam- ing, Games, and Gamification in Security Education (3GSE 14). USENIX Associ- ation, San Diego, CA, 7. https://www.usenix.org/conference/3gse14/summit- program/presentation/vigna
  40. James Walker, Man Wang, Steven Carr, Jean Mayo, and Ching-Kuang Shene. 2019. Teaching Integer Security Using Simple Visualizations. In Proceedings of the 2019 ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE '19). ACM, New York, NY, USA, 513-519. https://doi.org/10. 1145/3304221.3319760
  41. Man Wang, Steve Carr, Jean Mayo, Ching-Kuang Shene, and Chaoli Wang. 2014. MLSvisual: A Visualization Tool for Teaching Access Control Using Multi-level Security. In Proceedings of the 2014 Conference on Innovation and Technology in Computer Science Education (ITiCSE '14). ACM, New York, NY, USA, 93-98. https://doi.org/10.1145/2591708.2591730
  42. Man Wang, Jean Mayo, Ching-Kuang Shene, Steve Carr, and Chaoli Wang. 2017. UNIXvisual: A Visualization Tool for Teaching UNIX Permissions. In Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE '17). ACM, New York, NY, USA, 194-199. https://doi.org/10. 1145/3059009.3059031
  43. Man Wang, Jean Mayo, Ching-Kuang Shene, Thomas Lake, Steve Carr, and Chaoli Wang. 2015. RBACvisual: A Visualization Tool for Teaching Access Control Using Role-based Access Control. In Proceedings of the 2015 ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE '15). ACM, New York, NY, USA, 141-146. https://doi.org/10.1145/2729094.2742627
  44. Michael Whitney, Heather Lipford-Richter, Bill Chu, and Jun Zhu. 2015. Em- bedding Secure Coding Instruction into the IDE: A Field Study in an Ad- vanced CS Course. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). ACM, New York, NY, USA, 60-65. https://doi.org/10.1145/2676723.2677280
  45. Le Xu, Dijiang Huang, and Wei-Tek Tsai. 2012. V-lab: A Cloud-based Virtual Laboratory Platform for Hands-on Networking Courses. In Proceedings of the 17th ACM Annual Conference on Innovation and Technology in Computer Science Education (ITiCSE '12). ACM, New York, NY, USA, 256-261. https://doi.org/10. 1145/2325296.2325357
  46. Maximilian Zinkus, Oliver Curry, Marina Moore, Zachary Peterson, and Zoë J. Wood. 2019. Fakesbook: A Social Networking Platform for Teaching Security and Privacy Concepts to Secondary School Students. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 892-898. https://doi.org/10.1145/3287324.3287486
  47. Valdemar Švábenský, Jan Vykopal, and Pavel Čeleda. 2019. Dataset: What Are Cybersecurity Education Papers About? A Systematic Literature Review of SIGCSE and ITiCSE Conferences. Zenodo. https://doi.org/10.5281/zenodo.3506640

Related papers

What Are Cybersecurity Education Papers About? A Systematic Literature Review of SIGCSE and ITiCSE Conferences
Valdemar Švábenský

2020

Cybersecurity is now more important than ever, and so is education in this field. However, the cybersecurity domain encompasses an extensive set of concepts, which can be taught in different ways and contexts. To understand the state of the art of cybersecurity education and related research, we examine papers from the ACM SIGCSE and ACM ITiCSE conferences. From 2010 to 2019, a total of 1,748 papers were published at these conferences, and 71 of them focus on cybersecurity education. The papers discuss courses, tools, exercises, and teaching approaches. For each paper, we map the covered topics, teaching context, evaluation methods, impact, and the community of authors. We discovered that the technical topic areas are evenly covered (the most prominent being secure programming, network security, and offensive security), and human aspects, such as privacy and social engineering, are present as well. The interventions described in SIGCSE and ITiCSE papers predominantly focus on tertiary education in the USA. The subsequent evaluation mostly consists of collecting students' subjective perceptions via questionnaires. However, less than a third of the papers provide supplementary materials for other educators, and none of the authors published their dataset. Our results provide orientation in the area, a synthesis of trends, and implications for further research. Therefore, they are relevant for instructors, researchers, and anyone new in the field of cybersecurity education. The information we collected and synthesized from individual papers are organized in a publicly available dataset.

View PDFchevron_right
Cybersecurity Education: The need for a top-driven, multidisciplinary, school-wide approach
Lucy Tsado

2019

The human resource skills gap in cybersecurity has created an opportunity for educational institutions interested in cybersecurity education. The current number of schools designated by the Department of Homeland Security (DHS) and National Security Agency (NSA) as Centers of Academic Excellence (CAE) to train cybersecurity experts are not sufficient to meet the shortfall in the industry. The DHS has clearly mapped out knowledge areas for cybersecurity education for both technical and non-technical disciplines; it is therefore possible for institutions not yet designated CAEs to generate cybersecurity experts, with the longterm goal of attaining the CAE designation. The purpose of this paper is to emphasize the need for a topdriven, multidisciplinary approach to cybersecurity education especially at schools that have not yet been designated as Centers for Academic Excellence. The paper also suggests a multi-faceted approach and the important considerations needed to achieve a succes...

View PDFchevron_right
Cyber Security Curriculum Initiative.docx
Jeff Hearn, Aljeane (AJ) Alfiler, Qingzhao Li, Ravi Patadiya, Paul Brooks, Lydia Zeman

Data breaches and increased regulatory compliance are driving the need for cyber security managers and technicians to fill positions that did not exist several years ago. To support the requirements of an ever-growing cyber security workforce, Cyber Security and Information Assurance Master of Science cohort 14 (CSIA) Team One, identified a global need for basic education in cyber security. This is partly because there is not enough interest in cyber security by K-12 students. Science, Technology, Engineering, and Math (STEM) education in America is designed to focus on developing scientists and engineers, not cyber security specialists, and thus, K-12 educators are not adequately trained in cyber security. They remain focused on teaching traditional STEM subjects. The new curriculum provides for lessons to be introduced during the 2016-2017, and will focus on ethics and defensive cyber security basics that could be used as a collaborative pilot program in local San Diego middle and high schools. One sample unit would be introduced into the curriculum. This instruction is subject to continuous improvement by future cohorts, and is meant to bridge the educational gap and prepare students to participate in Capture the Flag (CTF) events, certification, or to encourage degree work at a community college. Long-range employment plans could be a goal as well. Team One presents a survey of academic source works, government documents and highly regarded commercial or professional reports in the field. Multidisciplinary topics include information management, computer technology, ethics, curriculum design, and career development. Keywords: Capture the Flag (CTF); cyber ethics; cybersecurity, cyber security; cyber security curriculum; cyber workforce; Next Generation Science Standards, (NGSS); Science, Technology, Engineering and Math (STEM), National Institute for Cyber Education (NICE).

View PDFchevron_right
Global perspectives on cybersecurity education for 2030: a case for a meta-discipline
Henrique Santos

Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education

Information security has been an area of research and teaching within various computing disciplines in higher education almost since the beginnings of modern computers. The need for security in computing curricula has steadily grown over this period. Recently, with an emerging global crisis, because of the limitations of security within the nascent information technology infrastructure, the field of "cybersecurity" is emerging with international interest and support. Recent evolution of cybersecurity shows that it has begun to take shape as a true academic perspective, as opposed to simply being a training domain for certain specialized jobs. This report starts from the premise that cybersecurity is a "meta-discipline." That is, cybersecurity is used as an aggregate label for a wide variety of similar disciplines, much in the same way that the terms "engineering" and "computing" are commonly used. Thus, cybersecurity should be formally interpreted as a meta-discipline with a variety of disciplinary variants, also characterized through a generic competency model. The intention is that this simple organizational concept will improve the clarity with which the field matures, resulting in improved standards and goals for many different types of cybersecurity programs.

View PDFchevron_right
Cybersecurity: new trainings for new threats Pierre Parrend, session 'Education and expertise on cybersecurity' A portfolio for cybersecurity training
Pierre Parrend

Cybersecurity training becomes year after year more critical: as digitalization spreads in all spheres of civic, professional and social life, threats are both more insistent-as in so-called 'president extortions'-and more diffuse-as in ransomware. It is therefore urgent to focus training efforts on a general audience, on the one hand, and various trades, on the other hand, on actual risks bound with cybersecurity. We will present several examples of cybersecurity training covering this news stakes, as well as associated pedagogies: MOOCs, cyber-training platforms, lab session for administration of cybersecurity in industrial contexts, audit projects. The evolution of threats Cybersecurity training becomes year after year more critical: as digitalization spreads in all spheres of civic, professional and social life, threats are both more insistent-as in so-called 'president extortions'-and more diffuse-as in ransomware. The four categories of threats organisations currently face are the named financial extortion, site destruction, web site abuses and, officially since the BSI annual report for 2015 [BSI2015], physical site destruction. Site destruction has come to the centre of awareness since 9/11 on the one hand, and Katrina Hurricane, on the other. These two dramatic events initiated an area of massive Business recovery and continuity planning. Massive web site abuses have come to light after the low technology but quantitatively impressive attacks following terrorist attacks of January 2015 known as OpFrance: more than 20000 web sites have been reportedly been corrupted. Destruction of physical sites is a reality for civilian infrastructures since the burning of a foundry in Germany, even though it was already reported in diplomatic or military conflicts beforehand , as the Stuxnet case leading to destruction of centrifuge machines in Iran in 2010, or the explosion of a pipeline in Turkey in 2009. For all these reasons, the traditional approach to Cybersecurity teaching focusing on cryptography and network security urgently needs to be complemented by a new portfolio of cybersecurity trainings: cryptographic tools are nowadays available to the broad public and more than 70% of vulnerabilities are discovered at the application level. Training efforts now need to be strengthened on actual risks bound with cybersecurity. IT professionals must be trained to master the security issues of the tools they are implementing and deploying: software projects, liabilities and best practices in the health, bank, industry domains, as well as operational execution of security audits supporting day after day an improvement of cyber health of organisations and enterprises. Cybersecurity trainings should from now on encompass the full stack of security requirements of our organisations: sensibilization, web applications security, IoT security, risk analysis with a specific focus on connected physical infrastructures, and training for security audits. Sensibilization programs need to be target both at a broad audience, but also at top management and accounting teams who are regular targets for social engineering attacks [Puhakainen2010]. Programs are to be very specific to their target audience: Actual and perceived threats as well as efficient reactions may differ from continent to continents. Ransomware, president attacks, web exploit are relevant to all countries, but their prevalence, available government support for reaction and disclosure policies accepted by clients and partners are very heterogeneous from one location to

View PDFchevron_right

Related topics

  • Computer Science
  • Offensive Realism

    • Cited by

    Creating a Multifarious Cyber Science Major
    Jean Blair

    Proceedings of the 52nd ACM Technical Symposium on Computer Science Education

    Existing approaches to computing-based cyber undergraduate majors typically take one of two forms: a broad exploration of both technical and human aspects, or a deep technical exploration of a single discipline relevant to cybersecurity. This paper describes the creation of a third approach-a multifarious major, consistent with Cybersecurity Curricula 2017, the ABET Cybersecurity Program Criteria, and the National Security Agency Center for Academic Excellence-Cyber Operations criteria. Our novel curriculum relies on a 10-course common foundation extended by one of five possible concentrations, each of which is delivered through a disciplinary lens and specialized into a highly relevant computing interest area serving society's diverse cyber needs. The journey began years ago when we infused cybersecurity education throughout our programs, seeking to keep offerings and extracurricular activities relevant in society's increasingly complex relationship with cyberspace. This paper details the overarching design principles, decision-making process, benchmarking, and feedback elicitation activities. A surprising key step was merging several curricula proposals into a single hybrid option. The new major attracted a strong initial cohort, meeting our enrollment goals and exceeding our diversity goals. We provide several recommendations for any institution embarking on a process of designing a new cyber-named major. CCS CONCEPTS • Applied computing → Education.

    View PDFchevron_right
    Human Factors in Cybersecurity: A Scoping Review
    Dr. Rohani Rohan

    The 12th International Conference on Advances in Information Technology, 2021

    Humans are often considered to be the weakest link in the cybersecurity chain. However, traditionally the Computer Science (CS) researchers have investigated the technical aspects of cybersecurity, focusing on the encryption and network security mechanisms. The human aspect although very important is often neglected. In this work we carry out a scoping review to investigate the take of the CS community on the human-centric cybersecurity paradigm by considering the top conferences on network and computer security for the past six years. Results show that broadly two types of users are considered: expert and non-expert users. Qualitative techniques dominate the research methodology employed, however, there is a lack of focus on the theoretical aspects. Moreover, the samples have a heavy bias towards the Western community, due to which the results cannot be generalized, and the effect of culture on cybersecurity is a lesser known aspect. Another issue is with respect to the unavailabil...

    View PDFchevron_right
    Learn to Train Like You Fight
    Anna-Liisa Ojala

    International Journal of Adult Education and Technology

    This qualitative study includes nine semi-structured interviews with cybersecurity experts from different security-related organizations who are familiar with cybersecurity exercises. Its contribution to cybersecurity workforce development focuses on organizational learning rather than individual skills development and relevant competencies. It was found that the utilization of thematic analysis methods develop individual readiness and expertise. It also enhances the maturity of an organization's processes, roles, communication, and exercise capabilities. Moreover, the exercises increase social trust between individuals and organizations through business-to-business cooperation. However, there were several barriers and challenges in utilizing learned skills and competencies within an organization, including a need to increase the capacity of staff members who participate in the exercise.

    View PDFchevron_right
    Exploring the Frontiers of Cybersecurity Behavior: A Systematic Review of Studies and Theories
    Afrah Almansoori

    Applied Sciences

    Cybersecurity procedures and policies are prevalent countermeasures for protecting organizations from cybercrimes and security incidents. Without considering human behaviors, implementing these countermeasures will remain useless. Cybersecurity behavior has gained much attention in recent years. However, a systematic review that provides extensive insights into cybersecurity behavior through different technologies and services and covers various directions in large-scale research remains lacking. Therefore, this study retrieved and analyzed 2210 articles published on cybersecurity behavior. The retrieved articles were then thoroughly examined to meet the inclusion and exclusion criteria, in which 39 studies published between 2012 and 2021 were ultimately picked for further in-depth analysis. The main findings showed that the protection motivation theory (PMT) dominated the list of theories and models examining cybersecurity behavior. Cybersecurity behavior and intention behavior cou...

    View PDFchevron_right
    Inclusive Group Work Assessment for Cybersecurity
    William Joseph Spring

    Proceedings of the 2023 Conference on Innovation and Technology in Computer Science Education V. 2

    This poster presents an ongoing study that takes a diverse and inclusive approach to designing a practical group work assessment for an undergraduate cybersecurity course delivered to third year university cohorts. Students were given the choice to either work individually or as part of a group to complete the assignment in virtual laboratories. The study evaluates how student grouping preferences change when the teaching structure adapts in response to the the Covid-19 pandemic and how grouping preference impacts upon academic performance. Students reflected positively on the assignment and demonstrated a preference for treating group information as private. No disputes regarding group marks or contributions from different group members arose despite the number of groups involved. Students have taken responsibility for their choices and have accepted the outcomes of their teamwork.

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved