Cybersecurity in the Classroom: Bridging the Gap Between Computer Access and Online Safety

According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information. A large issue with solving the problems at hand is that there seems to be no comprehensive curriculum for cybersecurity education to teach these basic principles. In my paper, I review and compare several after- and in-school programs that attempt to address this problem. I’ve also interviewed teachers from Montgomery County Public Schools, a relatively ethnically diverse school district outside of Washington, D.C. These issues need to be addressed, and while private organizations and local schools are attempting to tackle the problem, wider action may need to be taken at a national level to come to a resolution

Cybersecurity in the Classroom: Bridging the Gap Between Computer Access and Online Safety

According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information. A large issue with solving the problems at hand is that there seems to be no comprehensive curriculum for cybersecurity education to teach these basic principles. In my paper, I review and compare several after- and in-school programs that attempt to address this problem. I’ve also interviewed teachers from Montgomery County Public Schools, a relatively ethnically diverse school district outside of Washington, D.C. These issues need to be addressed, and while private organizations and local schools are attempting to tackle the problem, wider action may need to be taken at a national level to come to a resolution

Cyber Security Awareness Among College Students

This study reports the early results of a study aimed to investigate student awareness and attitudes toward cyber security and the resulting risks in the most advanced technology environment: the Silicon Valley in California, USA. The composition of students in Silicon Valley is very ethnically diverse. The objective was to see how much the students in such a tech-savvy environment are aware of cyber-attacks and how they protect themselves against them. The early statistical analysis suggested that college students, despite their belief that they are observed when using the Internet and that their data is not secure even on university systems, are not very aware of how to protect their data. Also, it appears that educational institutions do not have an active approach to improve awareness among college students to increase their knowledge on these issues and how to protect themselves from potential cyber-attacks, such as identity theft or ransomware

Individual Differences in Cyber Security

A survey of IT professionals suggested that despite technological advancement and organizational procedures to prevent cyber-attacks, users are still the weakest link in cyber security (Crossler, 2013). This suggests it is important to discover what individual differences may cause a user to be more or less vulnerable to cyber security threats. Cyber security knowledge has been shown to lead to increased learning and proactive cyber security behavior (CSB). Self-efficacy has been shown to be a strong predictor of a user’s intended behavior. Traits such as neuroticism have been shown to negatively influence cyber security knowledge and self-efficacy, which may hinder CSB. In discovering what individual traits may predict CSB, users and designers may be able to implement solutions to improve CSB. In this study, 183 undergraduate students at San José State University completed an online survey. Students completed surveys of self-efficacy in information security, and cyber security behavioral intention, as well as a personality inventory and a semantic cyber security knowledge quiz. Correlational analyses were conducted to test hypotheses related to individual traits expected to predict CSB. Results included a negative relationship between neuroticism and self-efficacy and a positive relationship between self-efficacy and CSB. Overall, the results support the conclusion that individual differences can predict self-efficacy and intention to engage in CSB. Future research is needed to investigate whether CSB is influenced by traits such as neuroticism, if CSB can be improved through video games, and which are the causal directions of these effects

“Passwords protect my stuff” - a study of children’s password practices

Children use technology from a very young age and often have to authenticate. The goal of this study is to explore children’s practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world’s cyber posture and culture will be dependent on today’s youth, it is imperative to conduct cyber-security research with children. We conducted surveys of 189 3rd to 8th graders from two Midwest schools in the USA. We found that children have on average two passwords for school and three to four passwords for home. They kept their passwords private and did not share with others. They created passwords with an average length of 7 (3rd to 5th graders) and 10 (6–8th graders). But, only about 13% of the children created very strong passwords. Generating strong passwords requires mature cognitive and linguistic capabilities which children at this developmental stage have not yet mastered. They believed that passwords provide access control, protect their privacy and keep their “stuff” safe. Overall, children had appropriate mental models of passwords and demonstrated good password practices. Cyber-security education should strive to reinforce these positive practices while continuing to provide and promote age-appropriate developmental security skills. Given the study’s sample size and limited generalizability, we are expanding our research to include children from 3rd to 12th graders across multiple US school districts

Cyber security education is as essential as “The Three R’s”

Smartphones have diffused rapidly across South African society and constitute the most dominant information and communication technologies in everyday use. That being so, it is important to ensure that all South Africans know how to secure their smart devices. This requires a high level of security awareness and knowledge. As yet, there is no formal curriculum addressing cyber security in South African schools. Indeed, it seems to be left to Universities to teach cyber security principles, and they currently only do this when students take computing-related courses. The outcome of this approach is that only a very small percentage of South Africans, i.e. those who take computing courses at University, are made aware of cyber security risks and know how to take precautions. Moreover, because this group is overwhelmingly male, this educational strategy disproportionately leaves young female South Africans vulnerable to cyber attacks. We thus contend that cyber security ought to be taught as children learn the essential “3 Rs” – delivering requisite skills at University level does not adequately prepare young South Africans for a world where cyber security is an essential skill. Starting to provide awareness and knowledge at primary school, and embedding it across the curriculum would, in addition to ensuring that people have the skills when they need them, also remove the current gender imbalance in cyber security awareness

An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Computer Self-Efficacy, Perceived Risk of Identity Theft, Attitude, and Motivation to Acquire Cybersecurity Skills

Cyber-attacks on Internet users have caused billions of dollars in losses annually. Cybercriminals launch attacks via threat vectors such as unsecured wireless networks and phishing attacks on Internet users who are usually not aware of such attacks. Senior citizens are one of the most vulnerable groups who are prone to cyber-attacks, and this is largely due to their limited cybersecurity awareness and skills. Within the last decade, there has been a significant increase in Internet usage among senior citizens. It was documented that senior citizens had the greatest rate of increase in Internet usage over all the other age groups during the past decade. However, whenever senior citizens use the Internet, they are being targeted and exploited particularly for financial crimes, with estimation that one in five becoming a victim of financial fraud, costing more than $2.6 billion per year. Increasing the cybersecurity awareness and skills levels of Internet users have been recommended to mitigate the effects of cyber-attacks. However, it is unclear what motivates Internet users, particularly senior citizens, to acquire cybersecurity skills so that they can identify as well as mitigate the effects of the cyber-attacks. It is also not known how effective cybersecurity awareness training are on the cybersecurity skill level of senior citizens. Therefore, the main goal of this quantitative study was to empirically investigate the factors that contributed to senior citizens’ motivation to acquire cybersecurity skills so that they would be able to identify and mitigate cyber-attacks, as well as assess their actual cybersecurity skills level. This was done by assessing a model of contributing factors identified in prior literature (senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, & older adults’ computer technology attitude) on the motivation of senior citizens to acquire cybersecurity skills. This study utilized a Web-based survey to measure the contributing factors and a hands-on scenarios-based iPad app called MyCyberSkills™ that was developed and empirically validated in prior research to measure the cybersecurity skills level of the senior citizens. All study measures were done before and after cybersecurity awareness training (pre- & post-test) to uncover if there were any differences on the assessed models and scores due to such treatment. The study included a sample of 254 senior citizens with a mean age of about 70 years. Path analyses using Smart PLS 3.0 were done to assess the pre- and post-test models to determine the contributions of each contributing factor to senior citizens’ motivation to acquire cybersecurity skills. Additionally, analysis of variance (ANOVA) and analysis of covariance (ANCOVA) using SPSS were done to determine significant mean difference between the pre-and post-test levels of the senior citizens’ cybersecurity skill level. The path analysis results indicate that while all paths on both models were significant, many of the paths had very low path coefficients, which in turn, indicated weak relationships among the assessed paths. However, although the path coefficients were lower than expected, the findings suggest that both intrinsic and extrinsic motivation, along with antecedents such as senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, and older adults’ computer technology attitude significantly impact the cybersecurity skill levels of senior citizens. The analysis of variance results indicated that there was a significant increase in the mean cybersecurity skills scores from 59.67% to 64.51% (N=254) as a result of the cybersecurity awareness training. Hence, the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens, and empowered them with small but significant improvement in the requisite skills to take mitigating actions against cyberattacks. The analysis of covariance results indicated that, except for years using computers, all the other demographic indicators were not significant. Contributions from this study add to the body of knowledge by providing empirical results on the factors that motivate senior citizens to acquire cybersecurity skills, and thus, may help in reducing some of the billions of dollars in losses accrued to them because of cyber-attacks. Senior citizens will also benefit in that they will be better able to identify and mitigate the effects of cyber-attacks should they attend cybersecurity awareness trainings. Additionally, the recommendations from this study can be useful to law enforcement and other agencies that work with senior citizens in reducing the number of cases relating to cybersecurity issues amongst senior citizens, and thus, free up resources to fight other sources of cybercrime for law enforcement agencies

A Survey of Serious Games for Cybersecurity Education and Training

Serious games can challenge users in competitive and entertaining ways. Educators have used serious games to increase student engagement in cybersecurity education. Serious games have been developed to teach students various cybersecurity topics such as safe online behavior, threats and attacks, malware, and more. They have been used in cybersecurity training and education at different levels. Serious games have targeted different audiences such as K-12 students, undergraduate and graduate students in academic institutions, and professionals in the cybersecurity workforce. In this paper, we provide a survey of serious games used in cybersecurity education and training. We categorize these games into four types based on the topics they cover and the purposes of the games: security awareness, network and web security, cryptography, and secure software development. We provide a catalog of games available online. This survey informs educators of available resources for cybersecurity education and training using interactive games. Keywords: Serious games; Game-based Learning; Cybersecurity

Case study:exploring children’s password knowledge and practices

Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal choice. Designing authentication for children requires acknowledgement of child-specific developmental challenges related to literacy, cognitive abilities and differing developmental stages. Understanding the current state of play is essential, to deliver insights that can inform the development of child-centred authentication mechanisms and processes. We carried out a systematic literature review of all research related to children and authentication since 2000. A distinct research gap emerged from the analysis. Thus, we designed and administered a survey to school children in the United States (US), so as to gain insights into their current password usage and behaviors. This paper reports preliminary results from a case study of 189 children (part of a much larger research effort). The findings highlight age-related differences in children’s password understanding and practices. We also discovered that children confuse concepts of safety and security. We conclude by suggesting directions for future research. This paper reports on work in progress.<br/

Faculty Perceptions of Open Educational Resources in Cyber Curriculum: A Pilot Study

The cyber landscape is growing and evolving at a fast pace. Public and private industries need qualified applicants to protect and defend information systems that drive the digital economy. Currently, there are not enough candidates in the pipeline to fill this need in the workforce. The digital economy is still growing, thus presenting an even greater need for skilled workers in the future. The lack of a strong workforce in cybersecurity presents many challenges to safeguarding U.S. national security and citizens across the world. The William and Flora Hewlett Foundation defines Open Educational Resources (OER) as teaching, learning, and research materials in any medium – digital or otherwise – that reside in the public domain or have been released under an open license that permits no-cost access, use, adaptation, and redistribution by others with no or limited restrictions. OERs weaken barriers to learning by reducing costs, increasing access, and allowing adaptability of educational materials to meet the needs of an instructor in their field. In this study, the research aims to study cyber faculty members from higher educational institutions in the United States to determine their perceptions of using OER for cyberlearning. A survey instrument from the Babson Survey Research Group was adopted and adapted by the researcher for use in statistical analysis. Individuals from cyber professional organizations, an academic conference, and professional development opportunities in the Summer of 2019 completed the survey to help build the sample for data analysis. The research questions in the study aim to look for statistically significant differences in perceptions of cyber faculty by looking at their years of experience and the number of specialty roles faculty fill in their cyber endeavors. Further understanding of the perceptions of OER by cyber faculty will help understand the roles these educational tools play in tackling the challenges that exist in the cyber landscape