Biblio

Cybersecurity education is a critical component of today's computer science and IT curriculum. To provide for a highly effective cybersecurity education, we propose using machine-learning techniques to identify common learning modalities of cybersecurity students in order to optimize how cybersecurity core topics, threats, tools and techniques are taught. We test various hypothesis, e.g. that students of selected VARK learning styles will outperform their peers. The results indicate that for the class assignments in our study preference of read/write and kinesthetic modalities yielded the best results. This further indicates that specific learning instruments can be tailored for students based on their individual VARK learning styles.

The current trend of ubiquitous device use whereby computing is becoming increasingly context-aware and personal, has created a growing concern for the protection of personal privacy. Privacy is an essential component of security, and there is a need to be able to secure personal computers and networks to minimize privacy depreciation within cyberspace. Human error has been recognized as playing a major role in security breaches: Hence technological solutions alone cannot adequately address the emerging security and privacy threats. Home users are particularly vulnerable to cybersecurity threats for a number of reasons, including a particularly important one that our research seeks to address: The lack of cybersecurity education. We argue that research seeking to address the human element of cybersecurity should not be limited only to the design of more usable technical security mechanisms, but should be extended and applied to offering appropriate training to all stakeholders within cyberspace.

The purpose of this paper is threefold. First, it makes the case for incorporating cybersecurity principles into undergraduate Engineering Technology Education and for incorporating Industrial Control Systems (ICS) principles into undergraduate Information Technology (IT)/Cybersecurity Education. Specifically, the paper highlights the knowledge/skill gap between engineers and IT/Cybersecurity professionals with respect to the cybersecurity of the ICS. Secondly, it identifies several areas where traditional IT systems and ICS intercept. This interception not only implies that ICS are susceptible to the same cyber threats as traditional IT/IS but also to threats that are unique to ICS. Subsequently, the paper identifies several areas where cybersecurity principles can be applied to ICS. By incorporating cybersecurity principles into Engineering Technology Education, the paper hopes to provide IT/Cybersecurity and Engineering Students with (a) the theoretical knowledge of the cybersecurity issues associated with administering and operating ICS and (b) the applied technical skills necessary to manage and mitigate the cyber risks against these systems. Overall, the paper holds the promise of contributing to the ongoing effort aimed at bridging the knowledge/skill gap with respect to securing ICS against cyber threats and attacks.

In an increasingly asymmetric context of both instability and permanent innovation, organizations demand new capacities and learning patterns. In this sense, supervisors have adopted the metaphor of the "sandbox" as a strategy that allows their regulated parties to experiment and test new proposals in order to study them and adjust to the established compliance frameworks. Therefore, the concept of the "sandbox" is of educational interest as a way to revindicate failure as a right in the learning process, allowing students to think, experiment, ask questions and propose ideas outside the known theories, and thus overcome the mechanistic formation rooted in many of the higher education institutions. Consequently, this article proposes the application of this concept for educational institutions as a way of resignifying what students have learned.

ARtect is an Augmented Reality application developed with Unity 3D, which envisions an educational interactive and immersive tool for architects, designers, researchers, and artists. This digital instrument renders the competency to visualize custom-made 3D models and 2D graphics in interior and exterior environments. The user-friendly interface offers an accurate insight before the materialization of any architectural project, enabling evaluation of the design proposal. This practice could be integrated into learning architectural design process, saving resources of printed drawings, and 3D carton models during several stages of spatial conception.

This article describes the development of two mobile applications for learning Digital Electronics. The first application is an interactive app for iOS where you can study the different digital circuits, and which will serve as the basis for the second: a game of questions in augmented reality.

This is an innovative practice full paper. In past projects, we have successfully used a private TOR (anonymity network) platform that enabled our students to explore the end-to-end inner workings of the TOR anonymity network through a number of controlled hands-on lab assignments. These have saisfied the needs of curriculum focusing on networking functions and algorithms. To be able to extend the use and application of the private TOR platform into cryptography courses, there is a desperate need to enhance the platform to allow the development of hands-on lab assignments on the cryptographic algorithms and methods utilized in the creation of TOR secure connections and end-to-end circuits for anonymity.In tackling this challenge, and since TOR is open source software, we identify the cryptographic functions called by the TOR algorithms in the process of establishing TLS connections and creating end-to-end TOR circuits as well tearing them down. We instrumented these functions with the appropriate code to log the cryptographic keys dynamically created at all nodes involved in the creation of the end to end circuit between the Client and the exit relay (connected to the target server).We implemented a set of pedagogical lab assignments on a private TOR platform and present them in this paper. Using these assignments, students are able to investigate and validate the cryptographic procedures applied in the establishment of the initial TLS connection, the creation of the first leg of a TOR circuit, as well as extending the circuit through additional relays (at least two relays). More advanced assignments are created to challenge the students to unwrap the traffic sent from the Client to the exit relay at all onion skin layers and compare it with the actual traffic delivered to the target server.

These days the digitization process is everywhere, spreading also across central governments and local authorities. It is hoped that, using open government data for scientific research purposes, the public good and social justice might be enhanced. Taking into account the European General Data Protection Regulation recently adopted, the big challenge in Portugal and other European countries, is how to provide the right balance between personal data privacy and data value for research. This work presents a sensitivity study of data anonymization procedure applied to a real open government data available from the Brazilian higher education evaluation system. The ARX k-anonymization algorithm, with and without generalization of some research value variables, was performed. The analysis of the amount of data / information lost and the risk of re-identification suggest that the anonymization process may lead to the under-representation of minorities and sociodemographic disadvantaged groups. It will enable scientists to improve the balance among risk, data usability, and contributions for the public good policies and practices.

In recent years, humanoid robots have become quite ubiquitous finding wide applicability in many different fields, spanning from education to entertainment and assistance. They can be considered as more complex cyber-physical systems (CPS) and, as such, they are exposed to the same vulnerabilities. This can be very dangerous for people acting that close with these robots, since attackers by exploiting their vulnerabilities, can not only violate people's privacy, but, more importantly, they can command the robot behavior causing them bodily harm, thus leading to devastating consequences. In this paper, we propose a solution not yet investigated in this field, which relies on the use of secure enclaves, which in our opinion could represent a valuable solution for coping with most of the possible attacks, while suggesting developers to adopt such a precaution during the robot design phase.

The reality of today's computing landscape already suffers from a shortage of cybersecurity professionals, and this gap only expected to grow. We need to generate interest in this STEM topic early in our student's careers and provide teachers the resources they need to succeed in addressing this gap. To address this shortfall we present Practical LAbs in Security for Mobile Applications (PLASMA), a public set of educational security labs to enable instruction in creation of secure Android apps. These labs include example vulnerable applications, information about each vulnerability, steps for how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our goal is for instructors to use these activities in their mobile, security, and general computing courses ranging from secondary school to university settings. Another goal of this project is to foster interest in security and computing through demonstrating its importance. Initial feedback demonstrates the labs' positive effects in enhancing student interest in cybersecurity and acclaim from instructors. All project activities may be found on the project website: http://www.TeachingMobileSecurity.com

This is a full paper for innovate practice. Building a private cloud or using a public cloud is now feasible at many institutions. This paper presents the innovative design of cloudbased labs and programming assignments for a networking course and a cybersecurity course, and our experiences of innovatively using the private cloud at our institution to support these learning activities. It is shown by the instructor's observations and student survey data that our approach benefits learning and teaching. This approach makes it possible and secure to develop some learning activities that otherwise would not be allowed on physical servers. It enables the instructor to support students' desire of developing programs in their preferred programming languages. It allows students to debug and test their programs on the same platform to be used by the instructor for testing and grading. The instructor does not need to spend extra time administrating the computing environments. A majority (88% or more) of the students agree that working on those learning activities in the private cloud not only helps them achieve the course learning objectives, but also prepares them for their future careers.

This innovative practice paper considers the heightening awareness of the need for cybersecurity programs in light of several well publicized cyber-attacks in recent years. An examination of the academic job market reveals that a significant number of institutions are looking to hire new faculty in the area of cybersecurity. Additionally, a growing number of universities are starting to offer courses, certifications and degrees in cybersecurity. Other recent activity includes the development of a model cybersecurity curriculum and the creation of a program accreditation criteria for cybersecurity through ABET. This sudden and significant growth in demand for cybersecurity expertise has some similarities to the significant demand for networking faculty that Computer Science programs experienced in the late 1980s as a result of the rise of the Internet. This paper examines the resources necessary to respond to the demand for cybersecurity courses and programs and draws some parallels and distinctions to the demand for networking faculty over 25 years ago. Faculty and administration are faced with a plethora of questions to answer as they approach this problem: What degree and courses to offer, what certifications to consider, which curriculum to incorporate and how to deliver the material (online, faceto-face, or something in-between)? However, the most pressing question in today's fiscal climate in higher education is: what resources will it take to deliver a cybersecurity program?

This Work-In-Progress Paper for the Innovative Practice Category presents a novel experiment in active learning of cybersecurity. We introduced a new workshop on hacking for an existing science-popularizing program at our university. The workshop participants, 28 teenagers, played a cybersecurity game designed for training undergraduates and professionals in penetration testing. Unlike in learning environments that are simplified for young learners, the game features a realistic virtual network infrastructure. This allows exploring security tools in an authentic scenario, which is complemented by a background story. Our research aim is to examine how young players approach using cybersecurity tools by interacting with the professional game. A preliminary analysis of the game session showed several challenges that the workshop participants faced. Nevertheless, they reported learning about security tools and exploits, and 61% of them reported wanting to learn more about cybersecurity after the workshop. Our results support the notion that young learners should be allowed more hands-on experience with security topics, both in formal education and informal extracurricular events.

This Innovative Practice Work in Progress paper makes the case for using concept inventories in cybersecurity education and presents an example of the development of a concept inventory in the field of secure programming. The secure programming concept inventory is being developed by a team of researchers from four universities. We used a Delphi study to define the content area to be covered by the concept inventory. Participants in the Delphi study included ten experts from academia, government, and industry. Based on the results, we constructed a concept map of secure programming concepts. We then compared this concept map to the Joint Task Force on Cybersecurity Education Curriculum 2017 guidelines to ensure complete coverage of secure programming concepts. Our mapping indicates a substantial match between the concept map and those guidelines.

This Innovate Practice Work in Progress paper is about education on Cybersecurity, which is essential in training of innovative talents in the era of the Internet. Besides knowledge and skills, it is important as well to enhance the students' awareness of cybersecurity in daily life. Considering that contactless smart cards are common and widely used in various areas, one basic and two advanced contactless smart card experiments were designed innovatively and assigned to junior students in 3-people groups in an introductory cybersecurity summer course. The experimental principles, facilities, contents and arrangement are introduced successively. Classroom tests were managed before and after the experiments, and a box and whisker plot is used to describe the distributions of the scores in both tests. The experimental output and student feedback implied the learning objectives were achieved through the problem-based, active and group learning experience during the experiments.

This Research Work in Progress paper presents a study on improving student learning performance in a virtual hands-on lab system in cybersecurity education. As the demand for cybersecurity-trained professionals rapidly increasing, virtual hands-on lab systems have been introduced into cybersecurity education as a tool to enhance students' learning. To improve learning in a virtual hands-on lab system, instructors need to understand: what learning activities are associated with students' learning performance in this system? What relationship exists between different learning activities? What instructors can do to improve learning outcomes in this system? However, few of these questions has been studied for using virtual hands-on lab in cybersecurity education. In this research, we present our recent findings by identifying that two learning activities are positively associated with students' learning performance. Notably, the learning activity of reading lab materials (p \textbackslashtextless; 0:01) plays a more significant role in hands-on learning than the learning activity of working on lab tasks (p \textbackslashtextless; 0:05) in cybersecurity education.In addition, a student, who spends longer time on reading lab materials, may work longer time on lab tasks (p \textbackslashtextless; 0:01).

The search for alternative delivery modes to teaching has been one of the pressing concerns of numerous educational institutions. One key innovation to improve teaching and learning is e-learning which has undergone enormous improvements. From its focus on text-based environment, it has evolved into Virtual Learning Environments (VLEs) which provide more stimulating and immersive experiences among learners and educators. An example of VLEs is the virtual world which is an emerging educational platform among universities worldwide. One very interesting topic that can be taught using the virtual world is cybersecurity. Simulating cybersecurity in the virtual world may give a realistic experience to students which can be hardly achieved by classroom teaching. To date, there are quite a number of studies focused on cybersecurity awareness and cybersecurity behavior. But none has focused looking into the effect of digital simulation in the virtual world, as a new educational platform, in the cybersecurity attitude of the students. It is in this regard that this study has been conducted by designing simulation in the virtual world lessons that teaches the five aspects of cybersecurity namely; malware, phishing, social engineering, password usage and online scam, which are the most common cybersecurity issues. The study sought to examine the effect of this digital simulation design in the cybersecurity knowledge and attitude of the students. The result of the study ascertains that students exposed under simulation in the virtual world have a greater positive change in cybersecurity knowledge and attitude than their counterparts.

IT technology is a vital part of our everyday life and society. Additionally, as it is present in strategic domains like the military, healthcare or critical infrastructure, the aspect of protection, i.e. cybersecurity is of utmost importance. In recent years, the demand for cybersecurity experts is exponentially rising. Additionally, the field of cybersecurity is very much interdisciplinary and therefore requires a broad set of skills. Renowned organisations as ACM or IEEE have recognized the importance of cybersecurity experts and proposed guidelines for higher education training of such professionals. This paper presents an overview of a cybersecurity education model from the Information Systems and Information Technology perspective together with a good example and experience of the University of Maribor. The presented education model is shaped according to the guidelines by the Joint Task Force on Cybersecurity Education and the expectations of the Slovene industry regarding the knowledge and skills their future employees should possess.

In this paper, we propose a cybersecurity exercise system in a virtual computer environment. The human resource development for security fields is an urgent issue because of the threat of cyber-attacks, recently, is increasing, many incidents occurring, but there is a not enough security personnel to respond. Some universities and companies are conducting education using a commercial training system on the market. However, built and operates the training system is expensive, therefore difficult to use in higher education institutions and SMEs. However, to build and operates, the training system needs high cost, thus difficult to use in higher education institutions and SMEs. For this reason, we developed the CyExec: a cybersecurity exercise system consisting of a virtual computer environment using VirtualBox and Docker. We also implemented the WebGoat that is an OSS vulnerability diagnosis and learning program on the CyExec and developed an attack and defense exercise program.

This Innovate Practice Full Paper describes our experience with teaching cybersecurity topics using guided inquiry collaborative learning. The goal is to not only develop the students' in-depth technical knowledge, but also “soft skills” such as communication, attitude, team work, networking, problem-solving and critical thinking. This paper reports our experience with developing and using the Guided Inquiry Collaborative Learning materials on the topics of firewall and IPsec. Pre- and post-surveys were conducted to access the effectiveness of the developed materials and teaching methods in terms of learning outcome, attitudes, learning experience and motivation. Analysis of the survey data shows that students had increased learning outcome, participation in class, and interest with Guided Inquiry Collaborative Learning.

Augmented reality is changing the way its users see the world. Smart augmented-reality glasses, with high resolution Optical Head Mounted display, supplements views of the real-world using video, audio, or graphics projected in front of user's eye. The area of Smart Glasses and heads-up display devices is not a new one, however in the last few years, it has seen an extensive growth in various fields including education. Our work takes advantage of a student's ability to adapt to new enabling technologies to investigate improvements teaching techniques in STEM areas and enhance the effectiveness and efficiency in teaching the new course content. In this paper, we propose to focus on the application of Smart Augmented-Reality Glasses in cybersecurity education to attract and retain students in STEM. In addition, creative ways to learn cybersecurity education via Smart Glasses will be explored using a Discovery Learning approach. This mode of delivery will allow students to interact with cybersecurity theories in an innovative, interactive and effective way, enhancing their overall live experience and experimental learning. With the help of collected data and in-depth analysis of existing smart glasses, the ongoing work will lay the groundwork for developing augmented reality applications that will enhance the learning experiences of students. Ultimately, research conducted with the glasses and applications may help to identify the unique skillsets of cybersecurity analysts, learning gaps and learning solutions.

Diagnostic research methods were designed to draw attention to the needs of future engineers in the field of innovative methods of acquiring knowledge, skills and competencies in the protection of intellectual property in order to prepare for functioning in the economy 4.0.

We analyze expert review and student performance data to evaluate the validity of the Cybersecurity Concept Inventory (CCI) for assessing student knowledge of core cybersecurity concepts after a first course on the topic. A panel of 12 experts in cybersecurity reviewed the CCI, and 142 students from six different institutions took the CCI as a pilot test. The panel reviewed each item of the CCI and the overwhelming majority rated every item as measuring appropriate cybersecurity knowledge. We administered the CCI to students taking a first cybersecurity course either online or proctored by the course instructor. We applied classical test theory to evaluate the quality of the CCI. This evaluation showed that the CCI is sufficiently reliable for measuring student knowledge of cybersecurity and that the CCI may be too difficult as a whole. We describe the results of the expert review and the pilot test and provide recommendations for the continued improvement of the CCI.

Cybersecurity education and training have gained increasing attention in all sectors due to the prevalence and quick evolution of cyberattacks. A variety of platforms and systems have been proposed and developed to accommodate the growing needs of hands-on cybersecurity practice. However, those systems are either lacking sufficient flexibility (e.g., tied to a specific virtual computing service provider, little customization support) or difficult to scale. In this work, we present a cloud-based platform named EZSetup for hands-on cybersecurity practice at scale and our experience of using it in class. EZSetup is customizable and cloud-agnostic. Users can create labs through an intuitive Web interface and deploy them onto one or multiple clouds. We have used NSF funded Chameleon cloud and our private OpenStack cloud to develop, test and deploy EZSetup. We have developed 14 network and security labs using the tool and included six labs in an undergraduate network security course in spring 2019. Our survey results show that students have very positive feedback on using EZSetup and computing clouds for hands-on cybersecurity practice.

Development of information systems dealing with education and labour market using web and grid service architecture enables their modularity, expandability and interoperability. Application of ontologies to the web helps with collecting and selecting the knowledge about a certain field in a generic way, thus enabling different applications to understand, use, reuse and share the knowledge among them. A necessary step before publishing computer-interpretable data on the public web is the implementation of common standards that will ensure the exchange of information. Croatian Qualification Framework (CROQF) is a project of standardization of occupations for the labour market, as well as standardization of sets of qualifications, skills and competences and their mutual relations. This paper analysis a respectable amount of research dealing with application of ontologies to information systems in education during the last decade. The main goal is to compare achieved results according to: 1) phases of development/classifications of education-related ontologies; 2) areas of education and 3) standards and structures of metadata for educational systems. Collected information is used to provide insight into building blocks of CROQF, both the ones well supported by experience and best practices, and the ones that are not, together with guidelines for development of own standards using ontological structures.