Cited By
View all- Ben Salamah FPalomino MCraven MPapadaki MFurnell S(2023)An Adaptive Cybersecurity Training Framework for the Education of Social Media Users at WorkApplied Sciences10.3390/app1317959513:17(9595)Online publication date: 24-Aug-2023
Want to Raise Cybersecurity Awareness? Start with Future IT Professionals.
Authors: 
Lydia Kraus, 
Valdemar Švábenský, Martin Horák, Vashek Matyás, Jan Vykopal, Pavel CeledaAuthors Info & Claims
Pages 236 - 242
Abstract
As cyber threats endanger everyone, from regular users to computing professionals, spreading cybersecurity awareness becomes increasingly critical. Therefore, our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public. The course offers simple, actionable steps that anyone can use to implement defensive countermeasures. Compared to other resources, the course not only suggests learners what to do, but explains why and how to do it. To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course. They completed the course as a part of their homework and filled out a questionnaire after each lesson. Analysis of the questionnaire responses revealed that the students valued the course highly. They reported new learning, perspective changes, and transfer to practice. Moreover, they suggested suitable improvements to the course. Based on the results, we have distilled specific insights to help security educators design similar courses. Lessons learned from this study are relevant for cybersecurity instructors, course designers, and educational managers.
References
[1]
Joshua Bolkan. 2017. Education Data Breaches Double in First Half of 2017. https://thejournal.com/articles/2017/09/20/education-data-breaches-double-in-first-half-of-2017.aspx
[2]
Ivano Bongiovanni. 2019. The least secure places in the universe? A systematic literature review on information security management in higher education. Computers & Security, Vol. 86 (2019), 350--357. https://doi.org/10.1016/j.cose.2019.07.003
[3]
Frank Breitinger, Ryan Tully-Doyle, Kristen Przyborski, Lauren Beck, and Ronald S Harichandran. 2021. First year students' experience in a Cyber World course--an evaluation. Education and Information Technologies, Vol. 26, 1 (2021), 1069--1087. https://doi.org/10.1007/s10639-020--10274--5
[4]
John Chapman. 2020. Cyber security in universities and colleges is improving, but there's no room for complacency. https://www.jisc.ac.uk/blog/cyber-security-in-universities-and-colleges-is-improving-but-theres-no-room-for-complacency-20-oct-2020
[5]
Cleveland State University. 2021. Technology Security Cyber Security. https://www.csuohio.edu/technology-security/cyber-security-awareness
[6]
CyberDegrees.org. 2021. Internet Safety and Cybersecurity Awareness for College Students. https://www.cyberdegrees.org/resources/internet-safety-for-college-students/
[7]
Digital Citizen Alliance. 2017. Cyber criminals, college credentials, and the dark web - A security challenge facing U.S. university communities. https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DigitalCitizens_CollegeInfoTheft.pdf
[8]
Grok Academy. 2021. Schools Cyber Security Challenges. https://aca.edu.au/projects/cyber-challenges
[9]
Julie M. Haney and Wayne G. Lutters. 2017. The Work of Cybersecurity Advocates. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI EA '17). ACM, New York, NY, USA, 1663--1670. https://doi.org/10.1145/3027063.3053134
[10]
IDEO. 2021. Design Thinking Defined. https://designthinking.ideo.com/
[11]
Jaroslav Nekuda. 2021. Ukon?ení studia na Masarykov? univerzit? -- Ohlédnutí a perspektiva 2020. https://is.muni.cz/do/rect/strategie/ver/Ohlednuti_2020_zprava_final_web.pdf
[12]
JISC. 2020. Universities should advise students how to spot scam emails. https://www.jisc.ac.uk/news/universities-should-advise-students-how-to-spot-scam-emails-06-oct-2020
[13]
Eyong B Kim. 2014. Recommendations for information security awareness training for college students. Information Management & Computer Security, Vol. 22 (2014), 115--126. https://doi.org/10.1108/IMCS-01--2013-0005
[14]
Peter Korovessis. 2013. Information Security Awareness in Academia. In Governance, Communication, and Innovation in a Knowledge Intensive Society. IGI Global, Hershey, PA, USA, 88--104. https://doi.org/10.4018/978--1--4666--4157-0.ch008
[15]
Peter Korovessis, Steven Furnell, Maria Papadaki, and Paul Haskell-Dowland. 2017. A toolkit approach to information security awareness and education. Journal of Cybersecurity Education, Research and Practice, Vol. 2017, 2 (2017), 5. https://digitalcommons.kennesaw.edu/jcerp/vol2017/iss2/5
[16]
Lydia Kraus, Valdemar ?vábenský, Martin Horák, Václav Matyá?, Jan Vykopal, and Pavel ?eleda. 2023. Cybersecurity Awareness Course Evaluation Questionnaire. Masaryk University. https://is.muni.cz/publication/2267287/2023-ITiCSE-want-to-raise-cybersecurity-awareness-questionnaire.pdf
[17]
Robert B. Kvavik, John Voloudakis, Judith B. Caruso, Richard N. Katz, Paula King, and Judith A. Pirani. 2003. Information Technology Security: Governance, Strategy, and Practice in Higher Education. https://web.archive.org/web/20060602174244/https://www.educause.edu/ir/library/pdf/ers0305/rs/ers0305w.pdf
[18]
Corinne Lestch. 2017. College IT experts and students have opposing views on cybersecurity. https://web.archive.org/web/20200927114146if_/https://edscoop.com/college-it-experts-and-students-have-opposing-views-on-cybersecurity/
[19]
Masaryk University. 2022. Cybercompass. https://security.muni.cz/en/cybercompass
[20]
Vashek Matyas, Kamil Malinka, Lydia Kraus, Lenka Knapova, and Agata Kruzikova. 2021. Even if users do not read security directives, their behavior is not so catastrophic. Commun. ACM, Vol. 65, 1 (2021), 37--40. https://doi.org/10.1145/3471928
[21]
Quinn McNemar. 1947. Note on the sampling error of the difference between correlated proportions or percentages. Psychometrika, Vol. 12, 2 (1947), 153--157. https://doi.org/10.1007/BF02295996
[22]
Lalitha Muniandy, Balakrishnan Muniandy, and Zarina Samsudin. 2017. Cyber security behaviour among higher education students in Malaysia. J. Inf. Assur. Cyber Secur, Vol. 2017 (2017), 1--13. https://doi.org/10.5171/2017.800299
[23]
Max M North, Roy George, and Sarah M North. 2006. Computer Security and ethics awareness in university environments: A challenge for management of information systems. In Proceedings of the 44th annual Southeast regional conference. ACM, New York, NY, USA, 434--439. https://doi.org/10.1145/1185448.1185544
[24]
Kristen Przyborski, Frank Breitinger, Lauren Beck, and Ronald S Harichandran. 2019. “CyberWorld” as a Theme for a University-wide First-year Common Course. In ASEE Annual Conference & Exposition. ASEE, Tampa, Florida, 14. https://doi.org/10.18260/1--2--31923
[25]
Elissa M Redmiles, Sean Kross, and Michelle L Mazurek. 2016. How I learned to be secure: a census-representative survey of security advice sources and behavior. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 666--677. https://doi.org/10.1145/2976749.2978307
[26]
Elissa M Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, and Michelle L Mazurek. 2020. A comprehensive quality evaluation of security and privacy advice on the web. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, USA, 89--108. https://www.usenix.org/conference/usenixsecurity20/presentation/redmiles
[27]
Yacine Rezgui and Adam Marks. 2008. Information security awareness in higher education: An exploratory study. Computers & Security, Vol. 27, 7--8 (2008), 241--253. https://doi.org/10.1016/j.cose.2008.07.008
[28]
Joseph Ricci, Frank Breitinger, and Ibrahim Baggili. 2019. Survey results on adults and cybersecurity education. Education and Information Technologies, Vol. 24, 1 (2019), 231--249. https://doi.org/10.1007/s10639-018--9765--8
[29]
Scott Ruoti, Jeff Andersen, Daniel Zappala, and Kent Seamons. 2015. Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client. https://doi.org/10.48550/ARXIV.1510.08555
[30]
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J Hyland. 2006. Why johnny still can't encrypt: evaluating the usability of email encryption software. In Symposium On Usable Privacy and Security - Poster Session. ACM, New York, NY, USA, 3--4. https://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf
[31]
Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Faith Cranor, and Julie Downs. 2010. Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the SIGCHI conference on human factors in computing systems. ACM, New York, NY, USA, 373--382. https://doi.org/10.1145/1753326.1753383
[32]
Stay Safe Online - NCSA. 2021. How To Stay Safe Online. https://staysafeonline.org/stay-safe-online/
[33]
UC Berkeley. 2021. Berkeley Information Security Office. https://security.berkeley.edu/
[34]
Alma Whitten and J Doug Tygar. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In USENIX security symposium, Vol. 348. USENIX Association, Washington, D.C., 169--184. https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/index.html
Index Terms
- Want to Raise Cybersecurity Awareness? Start with Future IT Professionals.
Recommendations
Game based Cybersecurity Training for High School Students
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science EducationCybersecurity is critical to the national infrastructure, federal and local government, military, industry, and personal privacy. To defend the U.S. against the cyber threats, a significant demand for skilled cybersecurity workforce is predicted in ...
What Vulnerability Assessment and Management Cybersecurity Professionals Think Their Future Colleagues Need to Know: (Abstract Only)
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science EducationThere is a growing need for cybersecurity professionals with the knowledge, skills, and abilities (KSAs) necessary for risk and vulnerability analysis. Cybersecurity curricula should emphasize KSAs most important in cyber work. To determine which KSAs ...
Enhancing Cybersecurity Education Using POGIL (Abstract Only)
SIGCSE '17: Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science EducationThis poster presents our NSF collaborative project "Enhancing Cybersecurity Education Using POGIL". Although the POGIL (Process Oriented Guided Inquiry Learning) instructional approach has been used and evaluated in science and engineering disciplines, ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
June 2023
694 pages
ISBN:9798400701382
DOI:10.1145/3587102
- General Chairs:
- Mikko-Jussi Laakso,
- Mattia Monga,
- Program Chairs:
- Simon,
- Judithe Sheard
Copyright © 2023 Owner/Author.
This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 June 2023
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Ministerstvo kolstvmldee a tlovchovy R
Conference
ITiCSE 2023
Sponsor:
Acceptance Rates
Overall Acceptance Rate 552 of 1,613 submissions, 34%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 445Total Downloads
- Downloads (Last 12 months)229
- Downloads (Last 6 weeks)19
Reflects downloads up to 12 Dec 2024
Other Metrics
Citations
Cited By
View all- Ben Salamah FPalomino MCraven MPapadaki MFurnell S(2023)An Adaptive Cybersecurity Training Framework for the Education of Social Media Users at WorkApplied Sciences10.3390/app1317959513:17(9595)Online publication date: 24-Aug-2023
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in