Cited By
View all- Mahmood SChadhar MFirmin S(2024)Addressing Cybersecurity Challenges in Times of Crisis: Extending the Sociotechnical Systems PerspectiveApplied Sciences10.3390/app14241161014:24(11610)Online publication date: 12-Dec-2024
Layering Sociotechnical Cybersecurity Concepts Within Project-Based Learning
Pages 406 - 418
Abstract
Motivation: The increasing volume and frequency of cyberattacks have made it necessary that all computing professionals be proficient in security principles. Concurrently, modern technology poses greater threats to privacy, making it important that technological solutions be developed to respect end-user privacy preferences and comply with privacy-related laws and regulations. Just as considering security and privacy must be an integral part of developing any technological solution, teaching security and privacy ought to be a required aspect of computer science education. Objective: We set out to demonstrate that a project-based capstone experience provides an effective mechanism for teaching the foundations of security and privacy. Method: We developed ten learning modules designed to introduce and sensitize students to foundational sociotechnical concepts related to the security and privacy aspects of modern technology. We delivered the modules in the treatment sections of a two-term capstone course involving the development of software solutions for external clients. We asked the students in the course to apply the concepts covered in the modules to their projects. Control sections of the course were taught without the modules as usual. We evaluated the effectiveness of the modules by administering pre-treatment and post-treatment assessments of cybersecurity knowledge and collecting written student reflections after the delivery of each module. Results: We found that the students in the treatment condition exhibited statistically significant increases in their knowledge of foundational security and privacy concepts compared to those in the control condition without the modules. Further, student reflections indicate that they appreciated the content of the modules and were readily able to apply the concepts to their projects. Discussion: The modules we developed facilitate embedding the teaching of security and privacy within any project-based learning experience. Embedding cybersecurity instruction within capstone experiences can help create a software workforce that is more knowledgeable about sociotechnical cybersecurity principles.
References
[1]
Joni K. Adkins and Cindy Tu. 2019. Applying an agile approach in an information systems capstone course. Information Systems Education Journal 17, 3 (2019), 41–49. https://isedj.org/2019-17/n3/ISEDJv17n3p41.html
[2]
Douglas G. Bonett and Thomas A. Wright. 2015. Cronbach’s alpha reliability: Interval estimation, hypothesis testing, and sample size planning. Journal of Organizational Behavior 36, 1 (2015), 3–15. https://doi.org/10.1002/job.1960
[3]
Virginia Braun, Victoria Clarke, Nikki Hayfield, and Gareth Terry. 2019. Thematic Analysis. In Handbook of Research Methods in Health Social Sciences, Pranee Liamputtong (Ed.). Springer Singapore, Singapore, 843–860. https://doi.org/10.1007/978-981-10-5251-4_103
[4]
Jack Cable. 2019. Every Computer Science Degree Should Require a Course in Cybersecurity. Harvard Business Review (Aug 2019), 5 pages. https://hbr.org/2019/08/every-computer-science-degree-should-require-a-course-in-cybersecurity Accessed: 2023-08-18.
[5]
Yu Cai. 2018. Using Case Studies to Teach Cybersecurity Courses. Journal of Cybersecurity Education, Research, and Practice 2018, 2 (Dec 2018), 24 pages. https://doi.org/10.62915/2472-2707.1041
[6]
CloudPassage. 2016. CloudPassage Study Finds U.S. Universities Failing in Cybersecurity Education. https://web.archive.org/web/20160522051120/https://www.cloudpassage.com/company/press-releases/cloudpassage-study-finds-u-s-universities-failing-cybersecurity-education/ Accessed: 2024-06-13.
[7]
Tom Crick, James H. Davenport, Paul Hanna, Alastair Irons, and Tom Prickett. 2020. Overcoming the Challenges of Teaching Cybersecurity in UK Computer Science Degree Programmes. In 2020 IEEE Frontiers in Education Conference(FIE). IEEE, New York, NY, 1–9. https://doi.org/10.1109/FIE44824.2020.9274033
[8]
William Crumpler and James A. Lewis. 2019. The Cybersecurity Workforce Gap. Center for Strategic & International Studies (2019), 10 pages. https://www.csis.org/analysis/cybersecurity-workforce-gap Accessed: 2024-06-13.
[9]
CyberEdge Group LLC. 2022. 2022 Cyberthreat Defense Report. https://cyber-edge.com/cyberthreat-defense-report-2022/ Accessed: 2024-06-13.
[10]
Serge Egelman and Eyal Peer. 2015. Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS). In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machinery, New York, NY, USA, 2873–2882. https://doi.org/10.1145/2702123.2702249
[11]
Stephen O. Ekolu and Harry Quainoo. 2019. Reliability of assessments in engineering education using Cronbach’s alpha, KR and split-half methods. Global Journal of Engineering Education 21, 1 (2019), 24–29. http://www.wiete.com.au/journals/GJEE/Publish/vol21no1/03-Ekolu-S.pdf
[12]
Darren Gergle and Desney S. Tan. 2014. Experimental Research in HCI. In Ways of Knowing in HCI, Judith S. Olson and Wendy A. Kellog (Eds.). Springer, New York, NY, 210–211. https://doi.org/10.1007/978-1-4939-0378-8_9
[13]
Barney G. Glaser and Anselm L. Strauss. 1967. The discovery of grounded theory: Strategies for qualitative research. Routledge, New York, NY. https://doi.org/10.4324/9780203793206
[14]
Jan Hajny, Sara Ricci, Edmundas Piesarskas, Olivier Levillain, Letterio Galletta, and Rocco De Nicola. 2021. Framework, Tools and Good Practices for Cybersecurity Curricula. IEEE Access 9 (2021), 94723–94747. https://doi.org/10.1109/ACCESS.2021.3093952
[15]
John Grady Hall, Abhinav Mohanty, Pooja Murarisetty, Ngoc Diep Nguyen, Julio César Bahamón, Harini Ramaprasad, and Meera Sridhar. 2022. Criminal Investigations: An Interactive Experience to Improve Student Engagement and Achievement in Cybersecurity Courses. In Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1 (Providence, RI, USA) (SIGCSE 2022). Association for Computing Machinery, New York, NY, USA, 696–702. https://doi.org/10.1145/3478431.3499417
[16]
John Hattie. 2009. The Nature of the Evidence. In Visible learning. Routledge, New York, NY, Chapter 2, 7–21. https://doi.org/10.4324/9780203887332-8
[17]
Gregory W. Hislop, Heidi J.C. Ellis, S. Monisha Pulimood, Becka Morgan, Suzanne Mello-Stark, Ben Coleman, and Cam Macdonell. 2015. A Multi-Institutional Study of Learning via Student Involvement in Humanitarian Free and Open Source Software Projects. In Proceedings of the Eleventh Annual International Conference on International Computing Education Research (Omaha, Nebraska, USA) (ICER ’15). Association for Computing Machinery, New York, NY, USA, 199–206. https://doi.org/10.1145/2787622.2787726
[18]
Joint Task Force on Cybersecurity Education. 2017. Cybersecurity curricular guidelines: CSEC 2017. https://cybered.hosting.acm.org/wp/ Accessed: 2024‑06‑13.
[19]
Frank H. Katz. 2018. Breadth vs. Depth: Best Practices Teaching Cybersecurity in a Small Public University Sharing Models. The Cyber Defense Review 3, 2 (2018), 65–72. https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/1620289
[20]
Kenneth R. Koedinger, Paulo F. Carvalho, Ran Liu, and Elizabeth A. McLaughlin. 2023. An astonishing regularity in student learning rate. Proceedings of the National Academy of Sciences 120, 13 (2023), 11 pages. https://doi.org/10.1073/pnas.2221311120
[21]
Kees Leune and Salvatore J. Petrilli. 2017. Using Capture-the-Flag to Enhance the Effectiveness of Cybersecurity Education. In Proceedings of the 18th Annual Conference on Information Technology Education (Rochester, New York, USA) (SIGITE ’17). Association for Computing Machinery, New York, NY, USA, 47–52. https://doi.org/10.1145/3125659.3125686
[22]
Natarajan Meghanathan, Hyunju Kim, and Loretta A. Moore. 2012. Incorporation of Aspects of Systems Security and Software Security in Senior Capstone Projects. In 2012 Ninth International Conference on Information Technology - New Generations. IEEE ITNG, New York, NY, 319–324. https://doi.org/10.1109/ITNG.2012.54
[23]
Allen Parrish, John Impagliazzo, Rajendra K. Raj, Henrique Santos, Muhammad Rizwan Asghar, Audun Jøsang, Teresa Pereira, and Eliana Stavrou. 2018. Global perspectives on cybersecurity education for 2030: A case for a meta-discipline. In Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education (Larnaca, Cyprus) (ITiCSE 2018 Companion). Association for Computing Machinery, New York, NY, USA, 36–54. https://doi.org/10.1145/3293881.3295778
[24]
Brian H. Spitzberg. 2006. Preliminary Development of a Model and Measure of Computer-Mediated Communication (CMC) Competence. Journal of Computer-Mediated Communication 11, 2 (2006), 629–666. https://doi.org/10.1111/j.1083-6101.2006.00030.x
[25]
Ying Tang, Morgan L. Brockman, and Sameer Patil. 2021. Promoting Privacy Considerations in Real-World Projects in Capstone Courses with Ideation Cards. ACM Trans. Comput. Educ. 21, 4, Article 34 (Oct 2021), 28 pages. https://doi.org/10.1145/3458038
[26]
Mohsen Tavakol and Reg Dennick. 2011. Making sense of Cronbach’s alpha. International Journal of Medical Education 2 (2011), 53. https://doi.org/10.5116/ijme.4dfb.8dfd
[27]
Blair Taylor and Siddharth Kaza. 2016. Security Injections@Towson: Integrating Secure Coding into Introductory Computer Science Courses. ACM Trans. Comput. Educ. 16, 4, Article 16 (Jun 2016), 20 pages. https://doi.org/10.1145/2897441
[28]
Saara Tenhunen, Tomi Männistö, Matti Luukkainen, and Petri Ihantola. 2023. A systematic literature review of capstone courses in software engineering. Information and Software Technology 159 (2023), 21 pages. https://doi.org/10.1016/j.infsof.2023.107191
[29]
Robert Thomas. 2016. Behind the Numbers on Why Universities Lag Behind in Cybersecurity Education. https://web.archive.org/web/20190516182303/https://blog.cloudpassage.com/2016/04/13/behind-numbers-universities-lag-behind-cybersecurity-education/ Accessed: 2024-06-13.
[30]
U.S. National Security Agency / Central Security Service. 2023. National Centers of Academic Excellence in Cybersecurity. https://www.nsa.gov/Academics/Centers-of-Academic-Excellence/ Accessed: 2024-06-13.
[31]
Sander Valstar, Caroline Sih, Sophia Krause-Levy, Leo Porter, and William G. Griswold. 2020. A Quantitative Study of Faculty Views on the Goals of an Undergraduate CS Program and Preparing Students for Industry. In Proceedings of the 2020 ACM Conference on International Computing Education Research (Virtual Event, New Zealand) (ICER ’20). Association for Computing Machinery, New York, NY, USA, 113–123. https://doi.org/10.1145/3372782.3406277
[32]
Jari Vanhanen, Timo O. A. Lehtinen, and Casper Lassenius. 2012. Teaching real-world software engineering through a capstone project course with industrial customers. In 2012 First International Workshop on Software Engineering Education Based on Real-World Experiences(EduRex ’12). IEEE, New York, NY, 29–32. https://doi.org/10.1109/EduRex.2012.6225702
[33]
Chuan Yue. 2016. Teaching Computer Science With Cybersecurity Education Built-in. In 2016 USENIX Workshop on Advances in Security Education (ASE ‘16). USENIX Association, Austin, TX, 8 pages. https://www.usenix.org/conference/ase16/workshop-program/presentation/yue
Index Terms
- Layering Sociotechnical Cybersecurity Concepts Within Project-Based Learning
Recommendations
Enhancing Cybersecurity Education Using POGIL (Abstract Only)
SIGCSE '17: Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science EducationThis poster presents our NSF collaborative project "Enhancing Cybersecurity Education Using POGIL". Although the POGIL (Process Oriented Guided Inquiry Learning) instructional approach has been used and evaluated in science and engineering disciplines, ...
A Capstone Design Project for Teaching Cybersecurity to Non-technical Users
SIGITE '16: Proceedings of the 17th Annual Conference on Information Technology EducationThis paper presents a multi-year undergraduate computing capstone project that holistically contributes to the development of cybersecurity knowledge and skills in non-computing high school and college students. We describe the student-built Vulnerable ...
Development and Analysis of a Spiral Theory-based Cybersecurity Curriculum: (Abstract Only)
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science EducationThe current emphasis on cybersecurity worldwide, demonstrates the importance of this topic. This poster describes a unique NSF funded project that aims to create cybersecurity education opportunities at Virginia Tech (VT). It is a collaborative effort ...
Comments
Information & Contributors
Information
Published In
August 2024
539 pages
ISBN:9798400704758
DOI:10.1145/3632620
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 12 August 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
Conference
ICER 2024
Sponsor:
ICER 2024: ACM Conference on International Computing Education Research
August 13 - 15, 2024
VIC, Melbourne, Australia
Acceptance Rates
Overall Acceptance Rate 189 of 803 submissions, 24%
Upcoming Conference
ICER 2025
- Sponsor:
- sigcse
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 188Total Downloads
- Downloads (Last 12 months)188
- Downloads (Last 6 weeks)57
Reflects downloads up to 03 Jan 2025
Other Metrics
Citations
Cited By
View all- Mahmood SChadhar MFirmin S(2024)Addressing Cybersecurity Challenges in Times of Crisis: Extending the Sociotechnical Systems PerspectiveApplied Sciences10.3390/app14241161014:24(11610)Online publication date: 12-Dec-2024
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in