Integrating security in the computer science curriculum

Siraj, Ambareen; Taylor, Blair; Kaza, Siddarth; Ghafoor, Sheikh

doi:10.1145/2766457

Cited by 20 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One approach suggested ways to incorporate security courses into the computer science curriculum [26,27]. Later studies discussed an approach for integrating security concepts into several existing courses in the regular curriculum [28]. Some studies even showed how secure coding concepts, like integer overflow, buffer overflow, and input validation, could be introduced into introductory computer science courses [29].…”

Section: Infusing Cybersecurity Into Computer Science Curricula or Coursesmentioning

confidence: 99%

Cybersecurity Awareness Framework for Academia

2021

View full text Add to dashboard Cite

Cybersecurity is a multifaceted global phenomenon representing complex socio-technical challenges for governments and private sectors. With technology constantly evolving, the types and numbers of cyberattacks affect different users in different ways. The majority of recorded cyberattacks can be traced to human errors. Despite being both knowledge- and environment-dependent, studies show that increasing users’ cybersecurity awareness is found to be one of the most effective protective approaches. However, the intangible nature, socio-technical dependencies, constant technological evolutions, and ambiguous impact make it challenging to offer comprehensive strategies for better communicating and combatting cyberattacks. Research in the industrial sector focused on creating institutional proprietary risk-aware cultures. In contrast, in academia, where cybersecurity awareness should be at the core of an academic institution’s mission to ensure all graduates are equipped with the skills to combat cyberattacks, most of the research focused on understanding students’ attitudes and behaviors after infusing cybersecurity awareness topics into some courses in a program. This work proposes a conceptual Cybersecurity Awareness Framework to guide the implementation of systems to improve the cybersecurity awareness of graduates in any academic institution. This framework comprises constituents designed to continuously improve the development, integration, delivery, and assessment of cybersecurity knowledge into the curriculum of a university across different disciplines and majors; this framework would thus lead to a better awareness among all university graduates, the future workforce. This framework may be adjusted to serve as a blueprint that, once adjusted by academic institutions to accommodate their missions, guides institutions in developing or amending their policies and procedures for the design and assessment of cybersecurity awareness.

show abstract

Section: Infusing Cybersecurity Into Computer Science Curricula or Coursesmentioning

confidence: 99%

Cybersecurity Awareness Framework for Academia

2021

View full text Add to dashboard Cite

show abstract

“…Several researchers (Rowe et al, 2011;Siraj et al, 2015) have reported that the HEIs' cybersecurity programmes in the EU, despite the adopted strategies, are emphasising cybersecurity-policy planning, compliance audits, and other skills, which ultimately have less impact on the security position of an organisation than the tasks enabled by a deep technical background. They also point out the lack of a university department able to teach security and the lack of teaching resources.…”

Section: An Overview Of Previous Workmentioning

confidence: 99%

Changing the landscape of cybersecurity education in the EU: Will the new approach produce the required cybersecurity skills?

Blažič

2021

Educ Inf Technol

View full text Add to dashboard Cite

Recruiting, retaining, and maintaining sufficient numbers of cybersecurity professionals in the workplace is a constant battle, not only for the technical side of cybersecurity, but also for the overlooked area of non-technical, managerial-related jobs in the cyber sector. The problem is the lack of cybersecurity skills in the European labour force. This paper presents the results of a study carried out with the aim to identify how much the cybersecurity education system within the high-level educational institutions and the industrial sector meets the needs for graduate students to gain the required cybersecurity skills. The method applied in the study is based on data collected from surveys carried out by the European competence centres on cybersecurity and the European Cybersecurity organisation. The problem of common educational program accreditation in Europe is highlighted and discussed. The actions undertaken to improve the education in both sectors are described and the emerging educational landscape is commented. The main cybersecurity knowledge specified by the industrial needs is presented in the form of five knowledge pillars. The study’s findings show that there are missing topics in high-level institution’s cybersecurity programs and that that there is a need to re-shape the content of the courses provided by the professional education providers.

show abstract

“…Authors of [20] teach security with locally hosted VMs. Projects SecKnitKit [21] and SEED [22] provide VMs with labs for guided teaching of security topics. Some SEED labs were ported into Labtainers, a training framework based on Docker containers to allow easier use [23].…”

Section: B Learning Environments For Cybersecurity Trainingmentioning

confidence: 99%

Toolset for Collecting Shell Commands and Its Application in Hands-on Cybersecurity Training

Švábenský

Vykopal

Tovarňák

et al. 2021

2021 IEEE Frontiers in Education Conference (FIE)

View full text Add to dashboard Cite

This Full Paper in the Innovative Practice category presents and evaluates a technical innovation for handson classes. When learning cybersecurity, operating systems, or networking, students perform practical tasks using a broad range of command-line tools. Collecting and analyzing data about the command usage can reveal valuable insights into how students progress and where they make mistakes. However, few learning environments support recording and inspecting command-line inputs, and setting up an efficient infrastructure for this purpose is challenging. To aid engineering and computing educators, we share the design and implementation of an open-source toolset for logging commands that students execute on Linux machines. Compared to basic solutions, such as shell history files, the toolset's novelty and added value are threefold. First, its configuration is automated so that it can be easily used in classes on different topics. Second, it collects metadata about the command execution, such as a timestamp, hostname, and IP address. Third, all data are instantly forwarded to central storage in a unified, semi-structured format. This enables automated processing of the data, both in real-time and post hoc, to enhance the instructors' understanding of student actions. The toolset works independently of the teaching content, the training network's topology, or the number of students working in parallel. We demonstrated the toolset's value in two learning environments at four training sessions. Over two semesters, 50 students played educational cybersecurity games using a Linux command-line interface. Each training session lasted approximately two hours, during which we recorded 4439 shell commands. The semiautomated data analysis revealed different solution patterns, used tools, and misconceptions of students. Our insights from creating the toolset and applying it in teaching practice are relevant for instructors, researchers, and developers of learning environments. We provide the software and data resulting from this work so that others can use them in their hands-on classes.

show abstract

Integrating security in the computer science curriculum

Cited by 20 publications

References 6 publications

Cybersecurity Awareness Framework for Academia

Cybersecurity Awareness Framework for Academia

Changing the landscape of cybersecurity education in the EU: Will the new approach produce the required cybersecurity skills?

Toolset for Collecting Shell Commands and Its Application in Hands-on Cybersecurity Training

Contact Info

Product

Resources

About