Lessons Learned From Integrating Industry and Exposing Enterprises to Computing Science Students

Graduates face a myriad of options upon completing their degree, including starting their own venture. Integrating industry and exposing enterprises to students as part of their curriculum not only provides opportunities for students, but enterprises as well. For students, they can apply their knowledge to real-world briefs in an attempt to win the business of a much larger corporation. For enterprises, they can identify strong potential future employees or investment opportunities. However, while opportunities exist for both students and existing enterprises, real challenges remain for the facilitating higher education institution. The talk will cover experiences of integrating industry into postgraduate courses and the lessons learned from facilitating the interaction between students and industry

Lessons Learned From Integrating Industry and Exposing Enterprises to Computing Science Students

Graduates face a myriad of options upon completing their degree, including starting their own venture. Integrating industry and exposing enterprises to students as part of their curriculum not only provides opportunities for students, but enterprises as well. For students, they can apply their knowledge to real-world briefs in an attempt to win the business of a much larger corporation. For enterprises, they can identify strong potential future employees or investment opportunities. However, while opportunities exist for both students and existing enterprises, real challenges remain for the facilitating higher education institution. The talk will cover experiences of integrating industry into postgraduate courses and the lessons learned from facilitating the interaction between students and industry

Designing computer security assessments to reduce plagiarism

Plagiarism and other forms of academic dishonesty for computing science assessments is a well documented issue. A common mode of dealing with this is to apply plagiarism detector software to code submissions to check for suspected plagiarism based on how similar submissions are. However, it arguably is less well established how to design computing science specifc assessments which aim to reduce the possibility of plagiarism, whilst not disadvantaging students who may struggle with some aspects of an assessment. This paper aims to report on the design and practice of such an assessment within a computer security course

Scaffolding Video Assignments in Cyber Security

This talk reflects on two cases of introducing assignments into two different computing courses related to cyber security that required students to create and submit videos. On reflection, analysis of the use of such assignments suggests that student success could be further improved by considering appropriate scaffolding not just within the courses themselves, but across degree programmes. The analysis led us to draw some practical recommendations that could be used to improve future learning designs

Modelling the security of recognition-based graphical password schemes

Recognition-based graphical passwords are a suggested alternative authentication mechanism which have received substantial attention in research literature. The literature often presents new schemes, usability studies or propose countermeasures for specific attacks. Whilst this is beneficial, it does not allow for consistent comparison of the security of recognition-based graphical password schemes. This thesis contributes a proposed solution to this problem. Presented in this thesis are models for estimating the number of attacks required before success for four aspects of the security of a recognition-based graphical password scheme. This includes two types of guessing attacks and two types of observation attacks. These models combine to provide an overall metric of the security of recognition-based graphical password schemes. Attacks to be incorporated into the metric were established by reviewing the literature and establishing the scope and context. The literature review allowed extraction of the variables of a recognition-based graphical password scheme which represent the scheme. The first aspect examined was that of guessing attacks. The first guessing attack considered was random guessing, the model for this aspect was an adaption of the frequently reported mathematical model. The second guessing attack was a newly proposed attack which prioritised images from more popular semantic categories e.g. animals. The model for this attack was constructed as a further adaption of the random guessing model based on the success rates for the attack which were established by simulations which incorporated user selected images. The observability attacks modelled were shoulder surfing and frequency attacks. The observability attack models were constructed by simulation of the attacks for a wide range of potential configurations of the recognition-based graphical password schemes. A mathematical model was fitted to the resulting data. The final metric combined these models and was evaluated against a list of metric requirements established from relevant literature. The metric results in a consistent, repeatable, and quantitative method for comparing recognition-based graphical password schemes. It can be directly applied to a subset of schemes which allows their security levels to be compared in a way not possible previously. Also presented are details on how the metric could be extended to incorporate other recognition-based graphical password schemes. The approach detailed also allows the possibility of extension to incorporate different attack types and authentication contexts. The metric allows appropriate selection of a recognition-based scheme and contributes to a detailed analysis of the security aspects of recognition-based graphical passwords

Exploring student perceptions and expectations of cyber security

Designing cyber security modules in Higher Education can be a balancing act. We aim to ensure students develop an understanding of key cyber security concepts such that they are able to contribute to security practices within the workplace. We also aim to develop understanding of more advanced and theoretical aspects of cyber security to meet a range of accreditation requirements and ensure those who wish to go on to work in security are suitably prepared. Additionally, students often have existing expectations and perceptions which must be managed. However, many general computing science degrees address security in isolated modules. As a result addressing these requirements can be challenging in the timeframe available. In this paper we present an activity designed explore student expectations of cyber security classes at two UK Universities in order to highlight the concerns of students such that curricula can consequently be amended to better meet student expectations

Opportunities to fail : using peer-review to support assessment literacy in cyber security

The importance of cyber security to the global economy has only grown in recent years. Effective cyber security technical policy is an important defence against numerous threats. Consequently, it is important that computing science and software engineering graduates are able to produce effective cyber security policy. However, written assessments, such as cyber security policy, for some students may be challenging due to lack of familiarity with such assessments. The lack of familiarity or poor assessment literacy not only has the potential to produce poor results, but can led to disappointment and frustration. In this poster, the practice of integrating peer-review as part of a cyber security policy assessment task to support assessment literacy is presented. The aim is to elicit feedback from conference participants not only on the practice itself, but on addressing the challenge of assessment literacy in the context of cyber security policy

Research-led active learning sessions in cyber security through research paper reading

Research-led teaching of cyber security can take many forms, but one approach in particular is acculturating students with cyber security research by engaging them with research artefacts. The present paper presents a computing science education practice where students are set weekly research articles to read in advance of sessions. The research articles are selected so as to best prepare students for the upcoming session topic. For example, for sessions on Risk and Risk Assessment, students are set a research article related risk. To motivate students to read the research article, a weekly quiz probes reading of it. The present paper outlines the background and motivation of the practice, learning design, feedback from students regarding the activity and closes with a discussion that explores thoughts from students as well as outlines future steps

Engaging students in threat thinking with the cyber security cinema

There are many topics in cyber security that motivate and excite students to learn as well as other topics that do not. The present paper outlines a learning design devised to motivate and engage students with some topics in cyber security using films. Learners are allocated to groups, select a film from a list, identify relevant cyber security concepts that appear in the film and share them with others. The present paper outlines the motivation for the activity, the learning design, feedback from students on an initial execution as well as discussion before offering some concluding thoughts

Data protection and privacy regulations as an inter-active-constructive practice

The aspiration of many governments around the world is to ensure all university graduates are well-versed in computing science and its related topics. This results in many graduates participating in postgraduate conversion courses. Many computing science schools favour delivering aspects of some topics, such as cyber security, simultaneously to students majoring in computing science and those converting to it. The challenge becomes integrating and understanding such a disparate student cohort. In this paper, we propose as a solution a learning design that has active, constructive and interactive elements. Student experience is reported and discussed, before considering the many benefits of the design