skip to main content


Title: Validating a Concept Inventory for Cybersecurity
We evaluate the validity of the Cybersecurity Concept Inventory for assessing student knowledge of core cybersecurity concepts after a first course on the topic.  more » « less
Award ID(s):
1819521
NSF-PAR ID:
10185558
Author(s) / Creator(s):
Date Published:
Journal Name:
MS Thesis, University of Illinois, Champaign-Urbana
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Cybersecurity expertise continues to be relevant as a means to confront threats and maintain vital infrastructure in our increasingly digitized world. Public and private initiatives have prioritized building a robust and qualified cybersecurity workforce, requiring student buy-in. However, cybersecurity education typically remains siloed even within computer and information technology (CIT) curriculum. This paper's goal is to support endeavors and strategies of outreach to encourage interest in cybersecurity. To this end, we conducted a survey of 126 CIT students to investigate student perceptions of cybersecurity and its major crosscutting concepts (CCs). The survey also investigates the prevalence of preconceptions of cybersecurity that may encourage or dissuade participation of people from groups underrepresented in computing. Regardless of prior learning, we found that students perceive cybersecurity as a relatively important topic in CIT. We found student perspectives on conceptual foundations of cybersecurity were significantly different (p < .05) than when simply asked about "cybersecurity," indicating many students don't have an accurate internal construct of the field. Several previously studied preconceptions of cybersecurity were reported by participants, with one misconception - that cybersecurity "requires advanced math skills" - significantly more prevalent in women than men (p < .05). Based on our findings, we recommend promoting cybersecurity among post-secondary students by incorporating elements of cybersecurity into non-cybersecurity CIT courses, informed by pedagogical strategies previously used for other topics in responsible computing. 
    more » « less
  2. CYBERSECURITY AND LOCAL GOVERNMENT Learn to secure your local government’s networks with this one-of-a-kind resource In Cybersecurity and Local Government, a distinguished team of researchers delivers an insightful exploration of cybersecurity at the level of local government. The book makes a compelling argument that every local government official, elected or otherwise, must be reasonably knowledgeable about cybersecurity concepts and provide appropriate support for it within their governments. It also lays out a straightforward roadmap to achieving those objectives, from an overview of cybersecurity definitions to descriptions of the most common security challenges faced by local governments. The accomplished authors specifically address the recent surge in ransomware attacks and how they might affect local governments, along with advice as to how to avoid and respond to these threats. They also discuss the cybersecurity law, cybersecurity policies that local government should adopt, the future of cybersecurity, challenges posed by Internet of Things, and much more. Throughout, the authors provide relevant field examples, case studies of actual local governments, and examples of policies to guide readers in their own application of the concepts discussed within. Cybersecurity and Local Government also offers: A thorough introduction to cybersecurity generally, including definitions of key cybersecurity terms and a high-level overview of the subject for non-technologists. A comprehensive exploration of critical information for local elected and top appointed officials, including the typical frequencies and types of cyberattacks. Practical discussions of the current state of local government cybersecurity, with a review of relevant literature from 2000 to 2021. In-depth examinations of operational cybersecurity policies, procedures and practices, with recommended best practices. Perfect for local elected and top appointed officials and staff as well as local citizens, Cybersecurity and Local Government will also earn a place in the libraries of those studying or working in local government with an interest in cybersecurity. 
    more » « less
  3. null (Ed.)
    Cybersecurity has rapidly emerged as a grand societal challenge of the 21st century. Innovative solutions to proactively tackle emerging cybersecurity challenges are essential to ensuring a safe and secure society. Artificial Intelligence (AI) has rapidly emerged as a viable approach for sifting through terabytes of heterogeneous cybersecurity data to execute fundamental cybersecurity tasks, such as asset prioritization, control allocation, vulnerability management, and threat detection, with unprecedented efficiency and effectiveness. Despite its initial promise, AI and cybersecurity have been traditionally siloed disciplines that relied on disparate knowledge and methodologies. Consequently, the AI for Cybersecurity discipline is in its nascency. In this article, we aim to provide an important step to progress the AI for Cybersecurity discipline. We first provide an overview of prevailing cybersecurity data, summarize extant AI for Cybersecurity application areas, and identify key limitations in the prevailing landscape. Based on these key issues, we offer a multi-disciplinary AI for Cybersecurity roadmap that centers on major themes such as cybersecurity applications and data, advanced AI methodologies for cybersecurity, and AI-enabled decision making. To help scholars and practitioners make significant headway in tackling these grand AI for Cybersecurity issues, we summarize promising funding mechanisms from the National Science Foundation (NSF) that can support long-term, systematic research programs. We conclude this article with an introduction of the articles included in this special issue. 
    more » « less
  4. Cybersecurity workforce development is the key to protecting information and information systems, and yet more than 30% of companies are short on security expertise. To address this need, the current authors have developed four cybersecurity education games to teach social engineering, secure online behavior, cyber defense methods, and cybersecurity first principles. These games are intended to recruit the next generation cybersecurity workforce by developing an innovative cybersecurity curriculum and pedagogical methods to provide high school students with hands-on activities in a game-based learning environment. Purdue University Northwest (PNW) offered high school summer camps for 181 high school students in June of 2016 and June of 2017. Out of 181 high school participants, 107 were underrepresented minority students, including African Americans, Hispanics, Asians, and Native Americans. To evaluate the effectiveness of the cybersecurity education games, post-camp surveys were conducted with 154 camp participants. The survey results indicated that the games were very effective in cybersecurity awareness training. Furthermore, the cybersecurity education games were more effective for male students than female students in raising student interest in computer science and cybersecurity. 
    more » « less
  5. An inter-collegiate research team completed initial research analysis of 166 professional cybersecurity workers from government and industry to identify talent profiles aligned four roles within the Protect and Defend (PD) NICE Workforce Framework: Cybersecurity Defense Analyst, Cybersecurity Defense Infrastructure Responder, Cybersecurity Incident Responder and Cybersecurity Vulnerability Assessment Analyst. Anonymized data collected from multiple teams with performance assessments to build a statistically validated profiles of high potential PD cybersecurity candidates. The World of Work Inventory (WOWI) a multi-dimensional on-line career tool, assesses career training potential, job satisfaction indicators and career interests. Anonymized, aggregated ranked data described profiles of existing high performing candidates working in the field. Utilization of a statistically validated methodology to identify cybersecurity talent at different phases of an individual’s career life cycle supports recruitment of high potential talent from diverse backgrounds to increase the numbers of candidates entering cybersecurity education and training programs. 
    more » « less