Cybersecurity Education

Image removed.

Education As a discipline in higher education, cybersecurity is less than two decades old. But because of the large number of qualified professionals needed, many universities offer cybersecurity education in a variety of delivery formats—live, online, and hybrid. Much of the curriculum has been driven by NSTISSI standards written in the early 1990s. A new look, based on research, is producing new ideas for how to better train cybersecurity professionals. The articles cited here are from the first half of 2014.

  • Conklin, W.A; Cline, R.E.; Roosa, T., "Re-engineering Cybersecurity Education in the US: An Analysis of the Critical Factors," System Sciences (HICSS), 2014 47th Hawaii International Conference on , vol., no., pp.2006,2014, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.254 The need for cyber security professionals continues to grow and education systems are responding in a variety of way. The US government has weighed in with two efforts, the NICE effort led by NIST and the CAE effort jointly led by NSA and DHS. Industry has unfilled needs and the CAE program is changing to meet both NICE and industry needs. This paper analyzes these efforts and examines several critical, yet unaddressed issues facing school programs as they adapt to new criteria and guidelines. Technical issues are easy to enumerate, yet it is the programmatic and student success factors that will define successful programs.
    Keywords: computer science education; security of data; CAE program; DHS; Department of Homeland Security; NICE effort; NIST; NSA; National Initiative for Cybersecurity Education; National Security Agency; US government; critical factors analysis; cyber security professionals; cybersecurity education re-engineering; education systems; programmatic factors; school programs; student success factors; Computer security; Educational institutions; Government; Industries; Information security (ID#:14-2078)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6758852&isnumber=6758592
  • Kessler, G.C.; Ramsay, J.D., "A Proposed Curriculum in Cybersecurity Education Targeting Homeland Security Students," System Sciences (HICSS), 2014 47th Hawaii International Conference on , vol., no., pp.4932,4937, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.605 Homeland Security (HS) is a growing field of study in the U.S. today, generally covering risk management, terrorism studies, policy development, and other topics related to the broad field. Information security threats to both the public and private sectors are growing in intensity, frequency, and severity, and are a very real threat to the security of the nation. While there are many models for information security education at all levels of higher education, these programs are invariably offered as a technical course of study, these curricula are generally not well suited to HS students. As a result, information systems and cyber security principles are underrepresented in the typical HS program. The authors propose a course of study in cyber security designed to capitalize on the intellectual strengths of students in this discipline and that are consistent with the broad suite of professional needs in this discipline.
    Keywords: computer aided instruction; educational courses; further education; risk management; security of data; HS; cyber security principles; cybersecurity education; higher education; homeland security students ;information security; information security education; information systems; policy development; private sectors; proposed curriculum; public sectors; risk management; terrorism studies; Computer security; Computers; Cyberspace; Education; Information security; Terrorism; Homeland security education; cybersecurity education (ID#:14-2079)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6759208&isnumber=6758592
  • Barclay, Corlane, "Sustainable Security Advantage In A Changing Environment: The Cybersecurity Capability Maturity Model (CM2)," ITU Kaleidoscope Academic Conference: Living in a converged world - Impossible without standards?, Proceedings of the 2014 , vol., no., pp.275,282, 3-5 June 2014 doi: 10.1109. With the rapid advancement in technology and the growing complexities in the interaction of these technologies and networks, it is even more important for countries and organizations to gain sustainable security advantage. Security advantage refers to the ability to manage and respond to threats and vulnerabilities with a proactive security posture. This is accomplished through effectively planning, managing, responding to and recovering from threats and vulnerabilities. However not many organizations and even countries, especially in the developing world, have been able to equip themselves with the necessary and sufficient know-how or ability to integrate knowledge and capabilities to achieve security advantage within their environment. Having a structured set of requirements or indicators to aid in progressively attaining different levels of maturity and capabilities is one important method to determine the state of cybersecurity readiness. The research introduces the Cybersecurity Capability Maturity Model (CM2), a 6-step process of progressive development of cybersecurity maturity and knowledge integration that ranges from a state of limited awareness and application of security controls to pervasive optimization of the protection of critical assets.
    Keywords: Capability maturity model; Computer crime; Context; Education; Organizations; CM2; capabilities; cybersecurity Capability Maturity Model; privacy; security; security advantage (ID#:14-2080)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6858466&isnumber=6858455
  • Daniel Manson, Ronald Pike, “The Case For Depth In Cybersecurity Education,” ACM Inroads, Volume 5 Issue 1, March 2014, Pages 47-52 doi>10.1145/2568195.2568212 In his book Outliers, Malcom Gladwell describes the 10,000-Hour Rule, a key to success in any field, as simply a matter of practicing a specific task that can be accomplished with 20 hours of work a week for 10 years [10]. Ongoing changes in technology and national security needs require aspiring excellent cybersecurity professionals to set a goal of 10,000 hours of relevant, hands-on skill development. The education system today is ill prepared to meet the challenge of producing an adequate number of cybersecurity professionals, but programs that use competitions and learning environments that teach depth are filling this void.
    Keywords: cybersecurity, depth, education (ID#:14-2081)
    URL: http://dl.acm.org/citation.cfm?doid=2568195.2568212 or http://doi.acm.org/10.1145/2568195.2568212
  • Diana L. Burley, Eugene H. Spafford, “An interview with Gene Spafford on balancing breadth and depth in cybersecurity education,” ACM Inroads, Volume 5 Issue 1, March 2014, Pages 42-46. doi>10.1145/2568195.2568211 An abstract is not available.
    Keywords: competitions, cybersecurity, education (ID#:14-2081)
    URL: http://dl.acm.org/citation.cfm?doid=2568195.2568211 or http://doi.acm.org/10.1145/2568195.2568211
  • Marcin Lukowiak, Stanisław Radziszowski, James Vallino, Christopher Wood, “Cybersecurity Education: Bridging the Gap Between Hardware and Software Domains,” ACM Transactions on Computing Education (TOCE) TOCE Homepage, Volume 14 Issue 1, March 2014, Article No. 2. With the continuous growth of cyberinfrastructure throughout modern society, the need for secure computing and communication is more important than ever before. As a result, there is also an increasing need for entry-level developers who are capable of designing and building practical solutions for systems with stringent security requirements. This calls for careful attention to algorithm choice and implementation method, as well as trade-offs between hardware and software implementations. This article describes motivation and efforts taken by three departments at Rochester Institute of Technology (Computer Engineering, Computer Science, and Software Engineering) that were focused on creating a multidisciplinary course that integrates the algorithmic, engineering, and practical aspects of security as exemplified by applied cryptography. In particular, the article presents the structure of this new course, topics covered, lab tools and results from the first two spring quarter offerings in 2011 and 2012.
    Keywords: Security-oriented curriculum, cybersecurity education, hardware and software design, multidisciplinary applied cryptography (ID#:14-2082)
    URL: http://dl.acm.org/citation.cfm?doid=2600089.2538029 or http://doi.acm.org/10.1145/2538029
  • David Klaper, Eduard Hovy, “A Taxonomy And A Knowledge Portal For Cybersecurity,” Proceedings of the 15th Annual International Conference on Digital Government Research , June 2014, Pages 79-85. doi>10.1145/2612733.2612759 Smart government is possible only if the security of sensitive data can be assured. The more knowledgeable government officials and citizens are about cybersecurity, the better are the chances that government data is not compromised or abused. In this paper, we present two systems under development that aim at improving cybersecurity education. First, we are creating a taxonomy of cybersecurity topics that provides links to relevant educational or research material. Second, we are building a portal that serves as platform for users to discuss the security of websites. These sources can be linked together. This helps to strengthen the knowledge of government officials and citizens with regard to cybersecurity issues. These issues are a central concern for open government initiatives.
    Keywords: cybersecurity, education, systematization, taxonomy (ID#:14-2083)
    URL: http://dl.acm.org/citation.cfm?doid=2612733.2612759 or http://doi.acm.org/10.1145/2612733.2612759
  • Barbara E. Endicott-Popovsky, Viatcheslav M. Popovsky, “Application of Pedagogical Fundamentals For The Holistic Development Of Cybersecurity Professionals,” ACM Inroads, Volume 5 Issue 1, March 2014, Pages 57-68. doi>10.1145/2568195.2568214 Nowhere is the problem of lack of human capital more keenly felt than in the field of cybersecurity where the numbers and quality of well-trained graduates are woefully lacking [10]. In 2005, the National Academy of Sciences indicted the US education system as the culprit contributing to deficiencies in our technical workforce, sounding the alarm that we are at risk of losing our competitive edge [14]. While the government has made cybersecurity education a national priority, seeking to stimulate university and community college production of information assurance (IA) expertise, they still have thousands of IA jobs going unfilled. The big question for the last decade [17] has been 'where will we find the talent we need?' In this article, we describe one university's approach to begin addressing this problem and discuss an innovative curricular model that holistically develops future cybersecurity professionals.
    Keywords: cybersecurity, education and workforce development, pedagogy (ID#:14-2084)
    URL: http://dl.acm.org/citation.cfm?doid=2568195.2568214 or http://doi.acm.org/10.1145/2568195.2568214
  • Andrew McGettrick, Lillian N. Cassel, Melissa Dark, Elizabeth K. Hawthorne, John Impagliazzo, “Toward Curricular Guidelines For Cybersecurity,” Proceedings of the 45th ACM Technical Symposium On Computer Science Education, March 2014, Pages 81-82. doi>10.1145/2538862.2538990 This session reports on a workshop convened by the ACM Education Board with funding by the US National Science Foundation and invites discussion from the community on the workshop findings. The topic, curricular directions for cybersecurity, is one that resonates in many departments considering how best to prepare graduates to face the challenges of security issues in employment and future research. The session will include presentation of the workshop context and conclusions, but will be open to participant discussion. This will be the first public presentation of the results of the workshop and the first opportunity for significant response.
    Keywords: curriculum, security (ID#:14-2085)
    URL: http://dl.acm.org/citation.cfm?doid=2538862.2538990 or http://doi.acm.org/10.1145/2538862.2538990
  • Khaled Salah, “Harnessing the Cloud For Teaching Cybersecurity,” Proceedings of the 45th ACM Technical Symposium On Computer Science Education, March 2014, Pages 529-534. doi>10.1145/2538862.2538880 Cloud computing has become an attractive paradigm for many organizations in government, industry as well as academia. In academia, the cloud can offer instructors and students (whether local or at a distance) on-demand, dedicated, isolated, unlimited, and easily configurable machines. Such an approach has clear advantages over access to machines in a classic lab setting. In this paper, we show how cloud services and infrastructure could be harnessed to facilitate practical experience and training for cybersecurity. We used the popular Amazon Web Services (AWS) cloud; however, the use cases and approaches laid out in this paper are also applicable to other cloud providers.
    Keywords: cloud, cloud computing, computer security, cybersecurity, long distance education, network security, security (ID#:14-2086)
    URL: http://dl.acm.org/citation.cfm?doid=2538862.2538880 or http://doi.acm.org/10.1145/2538862.2538880
  • Daniel P. Shoemaker, “The Colloquium For Information System Security Education (CISSE)--The Adventure Continues, “ ACM Inroads, Volume 5 Issue 2, June 2014, Pages 50-54. doi>10.1145/2614512.2614527 An abstract is not available.
    Keywords: cybersecurity, education and workforce development (ID#:14-2087)
    URL: http://dl.acm.org/citation.cfm?doid=2614512.2614527 or http://doi.acm.org/10.1145/2614512.2614527
  • David H. Tobey, Portia Pusey, Diana L. Burley, “Engaging Learners In Cybersecurity Careers: Lessons From The Launch Of The National Cyber League,” ACM Inroads, Volume 5 Issue 1, March 2014, Pages 53-56. doi>10.1145/2568195.2568213 Educators and sponsors endorse competitions as a strong, positive influence on career choice. However, empirical studies of cybersecurity competitions are lacking, and evidence from computer science and mathematics competitions has been mixed. Here we report initial results from an ongoing study of the National Cyber League to provide a glimpse of the role of competitions in fostering cybersecurity career engagement. Preliminary results suggest that cyber competitions attract experienced individuals who will remain in the profession for the long-term, but future research is needed to understand how cyber competitions may engage women and those new to the field.
    Keywords: competitions, cybersecurity, education and workforce development (ID#:14-2088)
    URL: http://dl.acm.org/citation.cfm?doid=2568195.2568213 or http://doi.acm.org/10.1145/2568195.2568213
  • Diana L. Burley, Jon Eisenberg, Seymour E. Goodman, “Would Cybersecurity Professionalization Help Address the Cybersecurity Crisis?” Communications of the ACM, Volume 57 Issue 2, February 2014, Pages 24-27. doi>10.1145/2556936 Evaluating the trade-offs involved in cybersecurity professionalization. (ID#:14-2089)
    URL: http://dl.acm.org/citation.cfm?doid=2556647.2556936 or http://doi.acm.org/10.1145/2556936

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.