research-article

Public Access

Integration and Evaluation of Spiral Theory based Cybersecurity Modules into core Computer Science and Engineering Courses

Authors:

Harinni K. Kumar,

Vinod K. Lohani,

N. Dwight Barnette,

Dave McPherson,

Calvin J. Ribbens, and

Paul E. PlassmannAuthors Info & Claims

SIGCSE '20: Proceedings of the 51st ACM Technical Symposium on Computer Science Education

February 2020

Pages 9 - 15

https://doi.org/10.1145/3328778.3366798

Published: 26 February 2020 Publication History

Abstract

Cybersecurity education has been emphasized by several national organizations in the United States, including the National Academy of Engineering, which recognizes securing cyberspace as one of the 14 Engineering Grand Challenges. To prepare students for such challenges and to enhance cybersecurity education opportunities at our large research university, we implemented an NSF-funded cybersecurity education project. This project is a collaborative effort between faculty and graduate students in the Engineering Education, Computer Science (CS) and Computer Engineering (CPE) departments at a major US research university. In this effort, we integrated cybersecurity learning modules into multiple existing core CS and CPE courses following Jerome Bruner's spiral-theory model, which has previously been used to reformulate several academic curricula. In this paper, we present our cybersecurity curriculum initiative, describe the spiral-theory based process we developed to implement the curriculum and provide an in-depth description of four reusable cybersecurity learning modules that we developed. A core tenet of spiral theory holds to revisit topics as students advance through their curriculum. This work applies this approach to Cybersecurity education by carefully designing the learning objectives of the modules and its contents. For evaluating these learning modules we implemented pre and post-tests to assess students' technical knowledge, their perceptions towards the modules' learning objectives, and how it influenced their motivation to learn cybersecurity. Our findings are overwhelmingly positive and the students' feedback has helped us improve these learning modules. Since its inception, our initiative has educated more than $2\,000$ students and is currently being used to revise the affected courses' syllabi.

References

[1]

N. Adamo-Villani, M. Oania, and S. Cooper. 2012. Using a Serious Game Approach to Teach Secure Coding in Introductory Programming: Development and Initial Findings. Journal of Educational Technology Systems, Vol. 41, 2 (2012), 107--131. https://doi.org/10.2190/ET.41.2.b

[2]

J. Aman, J.E. Conway, and C. Harr. 2010. A capstone exercise for a cybersecurity course. Journal of Computing Sciences in Colleges, Vol. 25 (2010), 207--212.

Digital Library

[3]

M. Anazco, A. J. Magana, and B. Yang. 2016. Employing Model-Eliciting Activities in Cybersecurity Education. In ASEE Annual Conference & Exposition. ASEE, New Orleans, LA. https://peer.asee.org/26943.

[4]

S. Bagchi-Sen, H.R. Rao, J.S. Upadhyaya, and S. Chai. 2010. Women in Cybersecurity: A Study of Career Advancement. IT Professional, Vol. 12 (03 2010), 24--31. https://doi.org/10.1109/MITP.2010.39

[5]

Ganesh Balasubramanian, Vinod Lohani, Ishwar Puri, Scott W Case, and Roop Mahajan. 2011. Nanotechnology Education-First Step in Implementing a Spiral Curriculum*. The International Journal of Engineering Education, Vol. 27 (01 2011).

[6]

A. Bandura, C. Barbaranelli, G. Caprara, and C. Pastorelli. 2001. Self-Efficacy Beliefs as Shapers of Children's Aspirations and Career Trajectories. Child Development, Vol. 72 (01 2001), 187--206. https://doi.org/10.1111/1467--8624.00273

[7]

C. Brown, F. Crabbe, R. Doerr, R. Greenlaw, C.Hoffmeister, J. Monroe, D. Needham, A. Phillips, S. Schall A. Pollman, J. Schultz, S. Simon, D. Stahl, and S. Standard. 2012. Anatomy, Dissection, and Mechanics of an Introductory Cyber-security Course's Curriculum at the United States Naval Academy. In Proceedings of the 17th ACM Annual Conference on Innovation and Technology in Computer Science Education (ITiCSE '12). ACM, Haifa, Israel, 303--308. https://doi.org/10.1145/2325296.2325367

[8]

J. S. Bruner. 1960. The process of education .Harvard University Press, Cambridge, MA, USA.

[9]

J. S. Bruner. 1996. The culture of education .Harvard University Press, Cambridge, MA, USA.

[10]

S. Buck and D. Burley. 2014. Cybersecurity education workshop: Final report . Technical Report. George Washington University, Arlington, VA, USA.

[11]

R. Doerr C. Brown, F. Crabbe and R. Greenlaw. 2003. Teaching hands-on network security: Testbeds and live exercises. JIW, Vol. 3, 2 (2003), 8--25.

[12]

D. Carlson. 2004. Teaching Computer Security. SIGCSE Bulletin, Vol. 36, 2 (June 2004), 64--67. https://doi.org/10.1145/1024338.1024374

Digital Library

[13]

S. Chai, S. Bagchi-Sen, R. Goel, H. Raghav Rao, and J.S. Upadhyaya. 2006. A Framework for Understanding Minority Students' Cyber Security Career Interests. In Proceedings of the 12th Americas Conference On Information Systems, Vol. 6. AMCIS, Atlanta, GA,USA, 413.

[14]

R.S. Cheung, J.P. Cohen, H.Z. Lo, and F. Elia. 2011. Challenge Based Learning in Cybersecurity Education. Presented at the International Conference on Security and Management. http://worldcomp-proceedings.com/proc/p2011/SAM5063.pdf

[15]

D.E. Chubin, K.M. Donaldson, B. Olds, and L.N. Fleming. 2008. Educating Generation Net--Can U.S. Engineering Woo and Win the Competition for Talent? Journal for Engineering Education, Vol. 97(3) (2008), 245--258.

[16]

A. G. Dixon D. DiBiasio, L. Comparini and W. M. Clark. 2001. A Project-based Spiral Curriculum for Introductory Courses in ChE: Part 3. Evaluation. Chemical Engineering Education,2001, Vol. 35(2) (2001), 140--47.

[17]

A. Das, C. Choi D. Voorhees, and C.E. Landwehr. 2017. Cybersecurity for Future Presidents: An Interdisciplinary Non-majors Course. In Proceedings of the 2017 ACM SIGCSE Technical Symposium on Computer Science Education (SIGCSE '17). ACM, Seattle, WA, USA, 141--146. https://doi.org/10.1145/3017680.3017713

[18]

J. Davis and M. Dark. 2003. Defining a curriculum framework in information assurance and security. In Proceedings of the 2003 ASEE Annual Conference. ASEE.

[19]

A. Dixon, W. Clark, and D. Dibiasio. 2000. Project-based, spiral curriculum for introductory courses in ChE. Part 2. Implementation. Chemical Engineering Education,2000, Vol. 34(4) (09 2000), 296--303.

[20]

W. Du. 2011. SEED: Hands-On Lab Exercises for Computer Security Education. IEEE Security Privacy, Vol. 9, 5 (2011), 70--73. https://doi.org/10.1109/MSP.2011.139

Digital Library

[21]

W. Du and R. Wang. 2008. SEED: A Suite of Instructional Laboratories for Computer Security Education. JERIC, Vol. 8, 1, Article 3 (March 2008), bibinfonumpages24 pages. https://doi.org/10.1145/1348713.1348716

[22]

K. Fisle, C. Shue, J. Guttman, and K. Kumar. 2015. SaTC-EDU: EAGER: Enhancing Cybersecurity Education through Peer Review . NSF award number 1500039n at Worcester Polytechnic Institute,. https://www.nsf.gov/awardsearch/showAward?AWD_ID=1500039

[23]

S. Furman, Yee-Yin M. F. Theofanos, Y-Y. Choong, and Brian B. Stanton. 2012. Basing Cybersecurity Training on User Perceptions. IEEE Security and Privacy, Vol. 10, 2 (2012), 40--49. https://doi.org/10.1109/MSP.2011.180

Digital Library

[24]

K.V. Gupta, B. Joseph, N. Alcantar, R. Toomey, and A. Sunol. 2008. A Spiral Curriculum for Chemical Engineering. AIChE Annual Meeting, Conference Proceedings, Vol. 54 (11 2008).

[25]

Hack2Secure. 2018. An Introduction to Core Security Concepts CIA Triad And AAA. https://www.hack2secure.com/blogs/an-introduction-to-core-security-concepts-cia-triad-and-aaa

[26]

G. Hackett, N. Betz, C. Manuel, and A.I. Rocha-Singh. 1992. Gender, Ethnicity, and Social Cognitive Factors Predicting the Academic Achievement of Students in Engineering. Journal of Counseling Psychology, Vol. 39 (10 1992), 527--538. https://doi.org/10.1037/0022-0167.39.4.527

[27]

J.M.D. Hill, C.A. Carver, J.W. Humphries, and U.W Pooch. 2001. Using an Isolated Network Laboratory to Teach Advanced Networks and Security. In Proceedings of the Thirty-second SIGCSE Technical Symposium on Computer Science Education (SIGCSE '01). ACM, NC, USA, 36--40. https://doi.org/10.1145/364447.364533

Digital Library

[28]

G. Richard I. Ahmed, V. Roussev. 2015. SaTC-EDU: EAGER: Peer Instruction for Cybersecurity Education . NSF award number 1500101 at University of New Orleans. https://www.nsf.gov/awardsearch/showAward?AWD_ID=1500101

[29]

B. Jones. 2009. Motivating students to engage in learning: The MUSIC Model of Academic Motivation. International Journal of Teaching and Learning in Higher Education, Vol. 21 (01 2009), 272--285.

[30]

D. R. Krathwohl. 2002. A Revision of Bloom's Taxonomy: An Overview. Theory Into Practice, Vol. 41, 4 (2002), 212--218. https://doi.org/10.1207/s15430421tip4104textunderscore2

[31]

W.R. Lent and G. Hackett. 1987. Career self-efficacy: Empirical status and future directions. Journal of Vocational Behavior, Vol. 30 (06 1987), 347--382. https://doi.org/10.1016/0001--8791(87)90010--8

[32]

Vinod K. Lohani, Mary Leigh Wolfe, Terry Wildman, Kumar Mallikarjunan, and Jeffrey Connor. 2010. Reformulating general engineering and biological systems engineering programs at Virginia Tech. Advances in Engineering Education, Vol. 2, 4 (1 12 2010), 1--30.

[33]

A. Shniderman M. Bachmann, L. Solberg. 2015. SaTC-EDU: EAGER: Education Initiative TECH MeD: Transdisciplinary Education for Critical Hacks of Medical Devicess . NSF award number 1500077 at Texas Christian University. https://www.nsf.gov/awardsearch/showAward?AWD_ID=1500077

[34]

M. Mary and H. Rossman. 2002. Building a Cyberwar Lab: Lessons Learned: Teaching Cybersecurity Principles to Undergraduates. SIGCSE, Vol. 34, 1 (2002), 23--27. https://doi.org/10.1145/563517.563349

Digital Library

[35]

P. Mateti. 2003. A Laboratory-based Course on Internet Security. SIGCSE Bulletin, Vol. 35, 1 (Jan. 2003), 252--256. https://doi.org/10.1145/792548.611982

Digital Library

[36]

H.J. Mattord and M.E. Whitman. 2004. Planning, Building and Operating the Information Security and Assurance Laboratory. In Proceedings of the 1st Annual Conference on Information Security Curriculum Development (InfoSecCD '04). ACM, Kennesaw, GA, USA, 8--14. https://doi.org/10.1145/1059524.1059527

[37]

L. Nweke. 2017. Using the CIA and AAA Models to explain Cybersecurity Activities. https://pmworldlibrary.net/wp-content/uploads/2017/05/171126-Nweke-Using-CIA-and-AAA-Models-to-explain-Cybersecurity.pdf

[38]

National Academy of Engineering. 2017. Grand Challenges for Engineering . Washington, DC. http://www.engineeringchallenges.org/9042.aspx

[39]

CyberSecurity Education project. 2019. An NSF Funded CyberSecurity Education project at VT . Virginia Tech. https://hosting.cs.vt.edu/CybersecurityEducation

[40]

M.B. Rosson, J.M. Carroll, and H. Sinha. 2011. Orientation of Undergraduates Toward Careers in the Computer and Information Sciences: Gender, Self-Efficacy and Social Support. TOCE, Vol. 11, 3, Article 14 (2011), bibinfonumpages23 pages. https://doi.org/10.1145/2037276.2037278

[41]

D.C. Rowe, B.M. Lunt, and J. Ekstrom. 2011. The Role of Cyber-security in Information Technology Education. In Proceedings of the 2011 Conference on Information Technology Education (SIGITE '11). ACM, West Point, NY, USA, 113--122. https://doi.org/10.1145/2047594.2047628

[42]

S. Mishra Sumita T. Howles, C. Romanowski and R.K. Rajendra. 2011. A holistic, modular approach to infuse cybersecurity into undergraduate computing degree programs. In Annual Symposium On Information Assurance (ASIA), Albany, NY. 7--8.

[43]

B. Taylor, M. Bishop, D. Burley, S. Cooper, R. Dodge, and R. Seacord. 2012. Teaching Secure Coding: Report from Summit on Education in Secure Software. In Proceedings of the 43rd ACM Technical Symposium on Computer Science Education (SIGCSE '12). ACM, Raleigh, NC, USA, 581--582. https://doi.org/10.1145/2157136.2157304

[44]

B. Taylor and S. Kaza. 2016. Introducing Secure Coding in CS0, CS1, and CS2 (Abstract Only). In Proceedings of the 47th ACM Technical Symposium on Computing Science Education (SIGCSE '16). ACM, Memphis, TN, USA, 715--715. https://doi.org/10.1145/2839509.2844684

[45]

D. Voorhees, A. Das, and C. Choi. 2017. Injecting and Assessing Cybersecurity Topics Within a Computer Science Program. Journal of Computing Sciences in Colleges, Vol. 32, 6 (June 2017), 54--66. http://dl.acm.org/citation.cfm?id=3069658.3069670

[46]

Y. Sakamoto W. H. Hui, Y. Tao. 2015. SaTC-EDU: EAGER: Development and Evaluation of Privacy Education Tools via Open Collaboration . NSF award number 1464800 at Stevens Institute of Technology, NJ, USA. https://www.nsf.gov/awardsearch/showAward?AWD_ID=1464800

[47]

P.J. Wagner and J.M. Wudi. 2004. Designing and Implementing a Cyberwar Laboratory Exercise for a Computer Security Course. In Proceedings of the 35th SIGCSE Technical Symposium on Computer Science Education (SIGCSE '04). ACM, VA, USA, 402--406. https://doi.org/10.1145/971300.971438

Cited By

Nadeem AStephenson BStone JBattestilli LRebelsky SShoop L(2024)Cybersecurity as a Crosscutting Concept Across an Undergrad Computer Science Curriculum: An Experience ReportProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630821(916-922)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630821
Bolante KChen KChen QZhang AStephenson BStone JBattestilli LRebelsky SShoop L(2024)Bringing Social Computing to Secondary School ClassroomsProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630795(123-129)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630795

Index Terms

Integration and Evaluation of Spiral Theory based Cybersecurity Modules into core Computer Science and Engineering Courses
1. Social and professional topics
  1. Professional topics
    1. Computing education
      1. Model curricula

Recommendations

Game based Cybersecurity Training for High School Students
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science Education

Cybersecurity is critical to the national infrastructure, federal and local government, military, industry, and personal privacy. To defend the U.S. against the cyber threats, a significant demand for skilled cybersecurity workforce is predicted in ...
Read More
Development and Analysis of a Spiral Theory-based Cybersecurity Curriculum: (Abstract Only)
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science Education

The current emphasis on cybersecurity worldwide, demonstrates the importance of this topic. This poster describes a unique NSF funded project that aims to create cybersecurity education opportunities at Virginia Tech (VT). It is a collaborative effort ...
Read More
A Capstone Design Project for Teaching Cybersecurity to Non-technical Users
SIGITE '16: Proceedings of the 17th Annual Conference on Information Technology Education

This paper presents a multi-year undergraduate computing capstone project that holistically contributes to the development of cybersecurity knowledge and skills in non-computing high school and college students. We describe the student-built Vulnerable ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCSE '20: Proceedings of the 51st ACM Technical Symposium on Computer Science Education

February 2020

1502 pages

ISBN:9781450367936

DOI:10.1145/3328778

General Chairs:
Jian Zhang
Texas Woman's University, USA
,
Mark Sherriff
University of Virginia, USA
,
Program Chairs:
Sarah Heckman
North Carolina State University, USA
,
Pamela Cutter
Kalamazoo College, USA
,
Alvaro Monge
California State University, Long Beach, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCSE: ACM Special Interest Group on Computer Science Education

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 February 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

SIGCSE '20

Sponsor:

SIGCSE

SIGCSE '20: The 51st ACM Technical Symposium on Computer Science Education

March 11 - 14, 2020

OR, Portland, USA

Acceptance Rates

Overall Acceptance Rate 1,595 of 4,542 submissions, 35%

Upcoming Conference

SIGCSE Virtual 2024

Sponsor:
sigcse

1st ACM Virtual Global Computing Education Conference

December 5 - 8, 2024

Virtual Event , NC , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
559
Total Downloads

Downloads (Last 12 months)166
Downloads (Last 6 weeks)14

Other Metrics

View Author Metrics

Citations

Cited By

Nadeem AStephenson BStone JBattestilli LRebelsky SShoop L(2024)Cybersecurity as a Crosscutting Concept Across an Undergrad Computer Science Curriculum: An Experience ReportProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630821(916-922)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630821
Bolante KChen KChen QZhang AStephenson BStone JBattestilli LRebelsky SShoop L(2024)Bringing Social Computing to Secondary School ClassroomsProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630795(123-129)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630795

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents