Experiences and Lessons Learned Creating and Validating Concept
Inventories for Cybersecurity
- URL: http://arxiv.org/abs/2004.05248v1
- Date: Fri, 10 Apr 2020 22:40:04 GMT
- Title: Experiences and Lessons Learned Creating and Validating Concept
Inventories for Cybersecurity
- Authors: Alan T. Sherman, Geoffrey L. Herman, Linda Oliva, Peter A. H.
Peterson, Enis Golaszewski, Seth Poulsen, Travis Scheponik, Akshita Gorti
- Abstract summary: Cybersecurity Concept Inventory (CCI) is for students who have recently completed any first course in cybersecurity.
The Cybersecurity Curriculum Assessment (CCA) is for students who have recently completed an undergraduate major or track in cybersecurity.
Each assessment tool comprises 25 multiple-choice questions (MCQs) of various difficulties that target the same five core concepts.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We reflect on our ongoing journey in the educational Cybersecurity Assessment
Tools (CATS) Project to create two concept inventories for cybersecurity. We
identify key steps in this journey and important questions we faced. We explain
the decisions we made and discuss the consequences of those decisions,
highlighting what worked well and what might have gone better.
The CATS Project is creating and validating two concept
inventories---conceptual tests of understanding---that can be used to measure
the effectiveness of various approaches to teaching and learning cybersecurity.
The Cybersecurity Concept Inventory (CCI) is for students who have recently
completed any first course in cybersecurity; the Cybersecurity Curriculum
Assessment (CCA) is for students who have recently completed an undergraduate
major or track in cybersecurity. Each assessment tool comprises 25
multiple-choice questions (MCQs) of various difficulties that target the same
five core concepts, but the CCA assumes greater technical background.
Key steps include defining project scope, identifying the core concepts,
uncovering student misconceptions, creating scenarios, drafting question stems,
developing distractor answer choices, generating educational materials,
performing expert reviews, recruiting student subjects, organizing workshops,
building community acceptance, forming a team and nurturing collaboration,
adopting tools, and obtaining and using funding.
Creating effective MCQs is difficult and time-consuming, and cybersecurity
presents special challenges. Because cybersecurity issues are often subtle,
where the adversarial model and details matter greatly, it is challenging to
construct MCQs for which there is exactly one best but non-obvious answer. We
hope that our experiences and lessons learned may help others create more
effective concept inventories and assessments in STEM.
Related papers
- Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report [1.099532646524593]
Training new cybersecurity professionals is a challenging task due to the broad scope of the area.
We propose a solution: integrating a real-world bug bounty programme into cybersecurity curriculum.
We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course.
arXiv Detail & Related papers (2024-04-18T09:53:49Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - Cybersecurity in Motion: A Survey of Challenges and Requirements for Future Test Facilities of CAVs [11.853500347907826]
Cooperative Intelligent Transportation Systems (C-ITSs) are at the forefront of this evolution.
This paper presents an envisaged Cybersecurity Centre of Excellence (CSCE) designed to bolster research, testing, and evaluation of the cybersecurity of C-ITSs.
arXiv Detail & Related papers (2023-12-22T13:42:53Z) - Introducing and Interfacing with Cybersecurity -- A Cards Approach [5.269622526990732]
The National Cyber Security Centre published a Cybersecurity Body of Knowledge (CyBOK)
CyBOK contains over 1000 pages of in-depth material and may not be easy to navigate for novice individuals.
We propose the use of a playing cards format to provide introductory cybersecurity knowledge.
arXiv Detail & Related papers (2023-07-31T10:01:42Z) - Want to Raise Cybersecurity Awareness? Start with Future IT
Professionals [0.4893345190925178]
Our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public.
The course offers simple, actionable steps that anyone can use to implement defensive countermeasures.
To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course.
arXiv Detail & Related papers (2023-07-14T20:07:27Z) - An Exploratory Study on the Evidence of Hackathons' Role in Solving OSS
Newcomers' Challenges [54.56931759953522]
We aim to understand and discuss the challenges newcomers face when joining an OSS project.
We collect evidence on how hackathons were used to address those challenges.
arXiv Detail & Related papers (2023-05-16T15:40:19Z) - Quiz-based Knowledge Tracing [61.9152637457605]
Knowledge tracing aims to assess individuals' evolving knowledge states according to their learning interactions.
QKT achieves state-of-the-art performance compared to existing methods.
arXiv Detail & Related papers (2023-04-05T12:48:42Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - XSS for the Masses: Integrating Security in a Web Programming Course
using a Security Scanner [3.387494280613737]
Cybersecurity education is an important part of undergraduate computing curricula.
Many institutions teach it only in dedicated courses or tracks.
An alternative approach is to integrate cybersecurity concepts across non-security courses.
arXiv Detail & Related papers (2022-04-26T16:20:36Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.