Search for: All records

Undergraduate Computer Science (CS) curricular guidelines have been published regularly since 1968, and the latest released in 2013. From early 2021, a task force of the ACM, IEEE-Computer Society, and the Association for the Advancement of Artificial Intelligence (AAAI) has worked on a decennial revision titled the ACM/IEEE-CS/AAAI Computer Science 2023 Curricula (CS2023). The CS2023 task force includes a 17-member steering committee, 17 knowledge area subcommittees, and an international group of disciplinary experts. CS2023 provides curricular content – a knowledge model largely backward compatible with CS2013, supplemented by a competency model – and curricular practices, comprising articles by independent experts on program design and delivery that complement curricular content guidelines. CS2023 will inform educators and administrators on the what, why, and how to cover undergraduate CS over the next decade. Ongoing work on CS2023 has been disseminated widely over the past two years: via the task force website; presentations at computing education conferences, e.g., SIGCSE Technical Symposium 2023; articles, e.g., ACM Inroads; emails to various computing education mailing lists; gathering community feedback via surveys and special sessions; and soliciting and receiving expert blind peer reviews. Building on earlier drafts, a gamma draft was released in September 2023, with the final version due by the end of 2023. This panel examines CS2023 from different perspectives. All panelists serve on the CS2023 steering committee and have an intimate understanding of CS2023. The moderator will lay out its overall vision and structure while panelists will emphasize three major perspectives of CS education: software development fundamentals; systems development; and the increased role of societal, ethical, and professional aspects crucial to a modern CS graduate. Strong interdependencies exist between these perspectives, along with tensions arising from how much can be squeezed into a tight undergraduate CS curriculum. Attendees will take home an understanding of the approach taken by the CS2023 task force, the constraints on curriculum design, and how best to use the CS2023 guidelines to educate the next generation of CS graduates. 

Games and competitions enhance student engagement and help improve hands-on learning of computing concepts. Focusing on targeted goals, competitions provide a sense of community and accomplishment among students, fostering peer-learning opportunities. Despite these benefits of motivating and enhancing student learning, the impact of competitions on curricular learning outcomes has not been sufficiently studied. For institutional or program accreditation, understanding the extent to which students achieve course or program learning outcomes is essential, and helps in establishing continuous improvement processes for the program curriculum. Utilizing the Collegiate Cyber Defense Competition (CCDC), a curricular assessment was conducted for an undergraduate cybersecurity program at a US institution. This archetypal competition was selected as it provides an effective platform for broader program learning outcomes, as students need to: (1) function in a team and communicate effectively (teamwork and communication skills); (2) articulate technical information to non-technical audiences (communication skills); (3) apply excellent technical and non-technical knowledge (design and analysis skills applied to problem-solving); and (4) function well under adversity (real-world problem-solving skills). Using data for both students who competed and who did not, student progress was tracked over five years. Preliminary analysis showed that these competitions made marginally-interested students become deeply engaged with the curriculum; broadened participation among women who became vital to team success by showcasing their technical and management skills; and pushed students to become self-driven, improving their academic performance and career placements. This experience report also reflects on what was learned and outlines the next steps for this work. 

The release of the Information Technology (IT) 2017 curricular guidelines provided the impetus to focus on students’ professional competencies by incorporating authentic practice into disciplinary content. Authentic practices require appropriate learning experiences such as workplace-bound experiences, employer engagement with programs via paid internships, and critical reflection on what was learned. Both professional technical and non-technical skills must be emphasized for such authenticity. However, practical assessment of the learning of professional competencies remains challenging. This paper develops such a practical assessment approach to IT competencies. It builds on the industry-led Skills Framework for the Information Age (SFIA) that defines over 120 IT professional skills across seven levels of responsibility and experience. SFIA provides actionable and measurable activities and behaviors, which IT graduates need to demonstrate in the workplace. The paper explores the assessment of student performance on authentic, real-world tasks using a rubric-based scoring scheme supported by a systematic collection of sample student work over their time in the program. It concludes with a discussion of the validation of the proposed approach to demonstrate its practicality. 

The Computing Curricula 2020 (CC2020) report, issued by the ACM and IEEE Computer Society, identified knowledge, skills, and dispositions as the three main components of competency for undergraduate programs in computer engineering, computer science, cybersecurity, information systems, information technology, and software engineering, as well as data science. As earlier generations of curricular guidelines in computing have described knowledge and skills to some extent, the notion of dispositions is relatively new to computing. Dispositions are cultivable behaviors, such as adaptability, meticulousness, and self-directedness, that are desirable in the workplace. Multiple employer surveys and interviews confirm that dispositions are as crucial for success in the workplace as the knowledge and skills students develop in their academic programs of study. As such, the CC2020 report describes eleven dispositions that are expected of competent computing graduates. These are distinct and separate from the technical knowledge and disciplinary skills of computing and engineering. Dispositions are also distinct from baseline or cross-disciplinary skills, such as critical thinking, problem-solving, teamwork, and communication. In contrast, dispositions are inherently human characteristics that describe individual qualities and behavioral patterns that lead to professional success. Dispositions are learnable, not necessarily teachable. This work-in-progress paper motivates dispositions within computing disciplines and presents the background of this approach. It also discusses the use of reflection exercises and vignettes in understanding, promoting, and fostering behavioral patterns that undergraduate computing students identify as related to dispositions they experience in the course. Preliminary data and results from the study are also presented. 

Program accreditation in medical or religious professions has existed since the 1800s while accreditation of business and engineering programs started in the early twentieth century. With this long history, these disciplines have focused on ensuring the competence of their graduates, as modern society demands appropriate expertise from doctors and engineers before letting them practice their profession. In computing, however, professional accreditation started in the last decades of the twentieth century only after computer science, informatics, and information systems programs became widespread. At the same time, although competency-based learning has existed for centuries, its growth in computing is relatively new, resulting from recent curricular reports such as Computing Curricula 2020, which have defined competency comprising knowledge, skills, and dispositions. In addition, demands are being placed on university programs to ensure their graduates are ready to enter and sustain employment in the computing profession. This work explores the role of accreditation in forming and developing professional competency in non-computing disciplines worldwide, building on this understanding to see how computing accreditation bodies could play a similar role in computing. This work explores the role of accreditation in forming and developing professional competency in non-computing disciplines worldwide, building on this understanding to see how computing accreditation bodies could play a similar role in computing. Its recommendations are to incorporate competencies in all computing programs and future curricular guidelines; create competency-based models for computing programs; involve industry in identifying workplace competencies, and ensure accreditation bodies include competencies and the assessment in their standards. 

Penetration testing is a key practice toward engineering secure software. Malicious actors have many tactics at their disposal, and software engineers need to know what tactics attackers will prioritize in the first few hours of an attack. Projects like MITRE ATT&CK™ provide knowledge, but how do people actually deploy this knowledge in real situations? A penetration testing competition provides a realistic, controlled environment with which to measure and compare the efficacy of attackers. In this work, we examine the details of vulnerability discovery and attacker behavior with the goal of improving existing vulnerability assessment processes using data from the 2019 Collegiate Penetration Testing Competition (CPTC). We constructed 98 timelines of vulnerability discovery and exploits for 37 unique vulnerabilities discovered by 10 teams of penetration testers. We grouped related vulnerabilities together by mapping to Common Weakness Enumerations and MITRE ATT&CK™. We found that (1) vulnerabilities related to improper resource control (e.g., session fixation) are discovered faster and more often, as well as exploited faster, than vulnerabilities related to improper access control (e.g., weak password requirements), (2) there is a clear process followed by penetration testers of discovery/collection to lateral movement/pre-attack. Our methodology facilitates quicker analysis of vulnerabilities in future CPTC events. 

Smart Internet of Healthcare Things (IoHT) have the potential to transform patient care dramatically at reduced cost. The reality, however, is that there are serious security and privacy concerns that prevent this goal from being accomplished. The vast amounts of data being generated need to be kept secure to prevent harm to patients' health and privacy. For example, a cyberattack on heart rates data could cause patients to be over- or under-prescribed, causing severe consequences, including death. In this new environment, not ensuring a proper digital chain of custody leads to digital forensics challenges that could impact a criminal or malpractice investigation. This project explores enhancements needed to ensure security and privacy when IoHT are to be used in healthcare. A model is proposed to ensure a secure digital chain of custody for IoHT using database auditing techniques. The current status of the proposed concept and future directions are also discussed. 

In the past decade, academic computing curricular guidelines have shifted from specifying knowledge and occasionally technical skills to establishing the overall competence expected of graduates. For instance, Computing Curricula 2020 (CC2020) guidelines identify competency as knowledge, skills, and dispositions where “dispositions” correspond to the behavioral and professional characteristics driven by employer needs and captured by industry-driven frameworks, such as the Skills Framework for the Information Age (SFIA). Computing programs thus must also ensure that graduates have these characteristics to improve initial employment and long-term career prospects. This paper aims to understand and achieve consistency between academia and industry curricular frameworks. The CC2020 dispositions map to the responsibility characteristics for SFIA Level 3, the level appropriate for a new graduate. As the mapping is not one-to-one, the paper reviews the extent to which each SFIA responsibility characteristic requires and enables the CC22020 dispositions, identifying potential shortcomings and, conversely, the importance of each disposition as it supports the responsibility characteristics. The developed mapping is validated by relating the CC2020 dispositions to the SFIA behavioral factors, the principal “21st Century Skills,” and relevant competency-based educational frameworks. Thus, dispositions in competency-focused curricula map to the actual competencies sought by employers. Finally, the paper postulates that future computing curricula must further develop the CC2020 dispositions and relate them to SFIA to guide academic programs in their preparation of career-ready graduates to reduce the current “skills gap”. 

Since the early 21st century, ABET’s accreditation criteria have focused on learning outcomes (what students learn) rather than what professors teach. Such accreditation criteria bring to bear the need for programs to establish clear learning objectives and assessment processes that ensure that program graduates have the requisite technical and professional preparation. To this end, ABET defines student outcomes as “what students are expected to know and be able to do by the time of graduation,” further noting that these outcomes “relate to the knowledge, skills, and behaviors that students acquire as they progress through the program.” With the recent release of Computing Curricula 2020 (CC2020), the competencies of computing program graduates have received additional attention. CC2020 describes competency as “comprising knowledge, skills, and dispositions that are observable in accomplishing a task within a work context.” ABET’s student outcomes thus largely correspond to the CC2020 competencies of program graduates. This paper is a first attempt to reconcile the two notions in the context of computer science. It presents the relevant background and discusses student competencies and their assessments that focus on competency-based learning in computer science. The contributions of this paper are (1) forging an improved shared understanding of computing competencies and (2) an interpretation of ABET’s student outcomes to improve the competency, including dispositions, expectations of computer science graduates. 

Competency-based learning has been a successful pedagogical approach for centuries, but only recently has it gained traction within computing. Competencies, as defined in Computing Curricula 2020, comprise knowledge, skills, and professional dispositions. Building on recent developments in competency and computing education, this working group examined relevant pedagogical theories, investigates various skill frameworks, reviewed competencies and standard practices in other professional disciplines such as medicine and law. It also investigated the integrative nature of content knowledge, skills, and professional dispositions in defining professional competencies in computing education. In addition, the group explored appropriate pedagogies and competency assessment approaches. It also developed guidelines for evaluating student achievement against relevant professional competency frameworks and explores partnering with employers to offer students genuine professional experience. Finally, possible challenges and opportunities in moving from traditional knowledge-based to competency-based education were also examined. This report makes recommendations to inspire educators of future computing professionals and smooth students’ transition from academia to employment.