MAnanA: A Generalized Heuristic Scoring Approach for Concept Map Analysis as Applied to Cybersecurity Education

Concept Maps (CMs) are considered a well-known pedagogy technique in creating curriculum, educating, teaching, and learning. Determining comprehension of concepts result from comparisons of candidate CMs against a master CM, and evaluate goodness . Past techniques for comparing CMs have revolved around the creation of a subjective rubric. We propose a novel CM scoring scheme called MAnanA based on a Fuzzy Similarity Scaling (FSS) score to vastly remove the subjectivity of the rubrics in the process of grading a CM. We evaluate our framework against a predefined rubric and test it with CM data collected from the Introduction to Computer Security course at the University of New Orleans (UNO), and found that the scores obtained via MAnanA captured the trend that we observed from the rubric via peak matching. Based on our evaluation, we believe that our framework can be used to objectify CM analysis

Assessment Of Two Pedagogical Tools For Cybersecurity Education

Cybersecurity is an important strategic areas of computer science, and a difficult discipline to teach effectively. To enhance and provide effective teaching and meaningful learning, we develop and assess two pedagogical tools: Peer instruction, and Concept Maps. Peer instruction teaching methodology has shown promising results in core computer science courses by reducing failure rates and improving student retention in computer science major. Concept maps are well-known technique for improving student-learning experience in class. This thesis document presents the results of implementing and evaluating the peer instruction in a semester-long cybersecurity course, i.e., introduction to computer security. Development and evaluation of concept maps for two cybersecurity courses: SCADA security systems, and digital forensics. We assess the quality of the concept maps using two well-defined techniques: Waterloo rubric, and topological scoring. Results clearly shows that overall concept maps are of high-quality and there is significant improvement in student learning gain during group-discussion

Analysis of cyber security knowledge gaps based on cyber security body of knowledge

Due to the increasing number of cyber incidents and overwhelming skills shortage, it is required to evaluate the knowledge gap between cyber security education and industrial needs. As such, the objective of this study is to identify the knowledge gaps in cyber security graduates who join the cyber security workforce. We designed and performed an opinion survey by using the Cyber Security Knowledge Areas (KAs) specified in the Cyber Security Body of Knowledge (CyBOK) that comprises 19 KAs. Our data was gathered from practitioners who work in cyber security organizations. The knowledge gap was measured and evaluated by acknowledging the assumption for employing sequent data as nominal data and improved it by deploying chi-squared test. Analyses demonstrate that there is a gap that can be utilized to enhance the quality of education. According to acquired final results, three key KAs with the highest knowledge gap are Web and Mobile Security, Security Operations and Incident Management. Also, Cyber-Physical Systems (CPS), Software Lifecycles, and Vulnerabilities are the knowledge areas with largest difference in perception of importance between less and more experienced personnel. We discuss several suggestions to improve the cyber security curriculum in order to minimize the knowledge gaps. There is an expanding demand for executive cyber security personnel in industry. High-quality university education is required to improve the qualification of upcoming workforce. The capability and capacity of the national cyber security workforce is crucial for nations and security organizations. A wide range of skills, namely technical skills, implementation skills, management skills, and soft skills are required in new cyber security graduates. The use of each CyBOK KA in the industry was measured in response to the extent of learning in university environments. This is the first study conducted in this field, it is considered that this research can inspire the way for further researches. 2022, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.Scopus2-s2.0-8513535559

Do ensino de emergência à transformação digital. Livro de comunicações e posters do eLIES2021

Publicação financiada por Fundos Nacionais através da FCT – Fundação para a Ciência e a Tecnologia, I.P., no âmbito do projeto UIDB/04372/2020O presente eBook - reúne os resumos, comunicações e os posters realizadas durante o IX Encontro de Instituições e Unidades de eLearning do Ensino Superior (eLIES2021), que se realizou pela primeira vez, em formato virtual e cujo lema foi “Do Ensino de Emergência à Transformação Digital”. O eL@IES é um Encontro de Instituições e Unidades de eLearning do Ensino Superior realizado anualmente, numa parceria de 3 IES das quais, o LE@D, Universidade Aberta é permanente. No âmbito da difusão e da transferência do conhecimento, visa promover a reflexão, o debate e a troca de experiências na implementação, na organização e na aplicação de eLearning nas Instituições de Ensino Superior portuguesas. Neste enquadramento, o eL@IES 2021 permitiu perceber, reforçar e desenvolver boas práticas de colaboração e de partilha entre as equipas e as unidades de eLearning e as Instituições de Ensino Superior portuguesas.info:eu-repo/semantics/publishedVersio

DDoS Capability and Readiness - Evidence from Australian Organisations

A common perception of cyber defence is that it should protect systems and data from malicious attacks, ideally keeping attackers outside of secure perimeters and preventing entry. Much of the effort in traditional cyber security defence is focused on removing gaps in security design and preventing those with legitimate permissions from becoming a gateway or resource for those seeking illegitimate access. By contrast, Distributed Denial of Service (DDoS) attacks do not use application backdoors or software vulnerabilities to create their impact. They instead utilise legitimate entry points and knowledge of system processes for illegitimate purposes. DDoS seeks to overwhelm system and infrastructure resources so that legitimate requests are prevented from reaching their intended destination. For this thesis, a literature review was performed using sources from two perspectives. Reviews of both industry literature and academic literature were combined to build a balanced view of knowledge of this area. Industry and academic literature revealed that DDoS is outpacing internet growth, with vandalism, criminal and ideological motivations rising to prominence. From a defence perspective, the human factor remains a weak link in cyber security due to proneness for mistakes, oversights and the variance in approach and methods expressed by differing cultures. How cyber security is perceived, approached, and applied can have a critical effect on the overall outcome achieved, even when similar technologies are implemented. In addition, variance in the technical capabilities of those responsible for the implementation may create further gaps and vulnerabilities. While discussing technical challenges and theoretical concepts, existing literature failed to cover the experiences held by the victim organisations, or the thoughts and feelings of their personnel. This thesis addresses these identified gaps through exploratory research, which used a mix of descriptive and qualitative analysis to develop results and conclusions. The websites of 60 Australian organisations were analysed to uncover the level and quality of cyber security information they were willing to share and the methods and processes they used to engage with their audience. In addition, semi-structured interviews were conducted with 30 employees from around half of those websites analysed. These were analysed using NVivo12 qualitative analysis software. The difficulty experienced with attracting willing participants reflected the comfort that organisations showed with sharing cyber security information and experiences. However, themes found within the results show that, while DDoS is considered a valid threat, without encouragement to collaborate and standardise minimum security levels, firms may be missing out on valuable strategies to improve their cyber security postures. Further, this reluctance to share leads organisations to rely on their own internal skill and expertise, thus failing to realise the benefits of established frameworks and increased diversity in the workforce. Along with the size of the participant pool, other limitations included the diversity of participants and the impact of COVID-19 which may have influenced participants' thoughts and reflections. These limitations however, present opportunity for future studies using greater participant numbers or a narrower target focus. Either option would be beneficial to the recommendations of this study which were made from a practical, social, theoretical and policy perspective. On a practical and social level, organisational capabilities suffer due to the lack of information sharing and this extends to the community when similar restrictions prevent collaboration. Sharing of knowledge and experiences while protecting sensitive information is a worthy goal and this is something that can lead to improved defence. However, while improved understanding is one way to reduce the impact of cyber-attacks, the introduction of minimum cyber security standards for products, could reduce the ease at which devices can be used to facilitate attacks, but only if policy and effective governance ensures product compliance with legislation. One positive side to COVID-19's push to remote working, was an increase in digital literacy. As more roles were temporarily removed from their traditional physical workplace, many employees needed to rapidly accelerate their digital competency to continue their employment. To assist this transition, organisations acted to implement technology solutions that eased the ability for these roles to be undertaken remotely and as a consequence, they opened up these roles to a greater pool of available candidates. Many of these roles are no longer limited to the geographical location of potential employees or traditional hours of availability. Many of these roles could be accessed from almost anywhere, at any time, which had a positive effect on organisational capability and digital sustainability