Physical Sciences and Mathematics Commons^™

Cybersecurity Educational Resources For K-12, Debra Bowen, James Jaurez, Nancy Jones, William Reid, Christopher Simpson

Journal of Cybersecurity Education, Research and Practice

There are many resources to guide successful K-12 cybersecurity education. The objective of these resources is to prepare skilled and ethical cybersecurity students at the earliest level to meet the demands of higher-level programs. The goal of this article is to provide, as a starting point, a list of as many currently popular K-12 educational resources as possible. The resources provided are broken into five categories: 1) Career Information, 2) Curriculum, 3) Competitions, 4) CyberCamps, and 5) Labs and Gaming. Each resource listed has a link, the K-12 levels that are supported, whether the resource is free or has a …

Digital Contact Tracing And Privacy, Mahdi Nasereddin, Edward J. Glantz, Galen A. Grimes, Joanne Peca, Michelle Gordon, Mike Bartolacci

Journal of Cybersecurity Education, Research and Practice

Digital contact tracing tools were developed to decrease the spread of COVID-19 by supplementing traditional manual methods. Although these tools have great potential, they were developed rather quickly resulting in tools with varying levels of success. The main issues with these tools are over privacy and who might have access to the information gathered. In general, their effectiveness varied globally, where users expressed privacy concerns associated with sharing identity, illness, and location information. This paper reviews these issues in deployments across Asia, Europe, and the United States. The goal is to begin a discussion that improves the design and development …

Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …

Assessing The Practical Cybersecurity Skills Gained Through Criminal Justice Academic Programs To Benefit Security Operations Centers (Socs), Lucy Tsado, Jung Seob "Scott" Kim

Journal of Cybersecurity Education, Research and Practice

Private-sector and public-sector organizations have increasingly built specific business units for securing company assets, reputation, and lives, known as security operations centers (SOCs). Depending on the organization, these centers may also be referred to as global security operations centers, cybersecurity operations centers, fusion centers, and corporate command centers, among many other names. The concept of centralized function within an organization to improve an organization’s security posture has attracted both the government and the private sectors to either build their own SOCs or hire third-party SOC companies.

In this article, the need for a multidisciplinary approach to cybersecurity education at colleges …

Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 12^th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …

Experimental Study To Assess The Impact Of Timers On User Susceptibility To Phishing Attacks, Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder

Journal of Cybersecurity Education, Research and Practice

Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are warranted. Kahneman introduced the concepts of System-One and System-Two thinking. System-One is a quick, instinctual decision-making process, while System-Two is a process by which humans use a slow, logical, and is easily disrupted. The key aim of our experimental field study was to investigate …

Faculty And Advisor Advice For Cybersecurity Students: Liberal Arts, Interdisciplinarity, Experience, Lifelong Learning, Technical Skills, And Hard Work, Brian K. Payne, Bria Cross, Tancy Vandecar-Burdin

Journal of Cybersecurity Education, Research and Practice

The value of academic advising has been increasingly emphasized in higher education. In this study, attention is given to the most significant types of advice that a sample of cybersecurity faculty and advisors from the Commonwealth of Virginia recommend giving to cybersecurity students. The results show that faculty and advisors recommended that students be aware of six different aspects of cybersecurity education including the value of experience, the need for lifelong learning, the importance of hard work, the need to develop technical skills, the interdisciplinary nature of cybersecurity, and the need to develop liberal arts or professional/soft skills. Implications of …

Subject Matter Experts’ Feedback On Experimental Procedures To Measure User’S Judgment Errors In Social Engineering Attacks, Tommy Pollock, Yair Levy, Wei Li, Ajoy Kumar

Journal of Cybersecurity Education, Research and Practice

Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research study was to design, develop, and validate a set of field experiments to assess user’s judgment when exposed to two types of simulated social engineering attacks: phishing and Potentially Malicious Search Engine Results (PMSER), based on the interaction of the environment (distracting vs. non-distracting) and type of device …

A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo

Journal of Cybersecurity Education, Research and Practice

The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …

The 2020 Twitter Hack – So Many Lessons To Be Learned, Paul D. Witman, Scott Mackelprang

Journal of Cybersecurity Education, Research and Practice

In mid-July 2020, the social media site Twitter had over 100 of its most prominent user accounts start to tweet requests to send Bitcoin to specified Bitcoin wallets. The requests promised that the Bitcoin senders would receive their money back doubled, as a gesture of charity amidst the COVID-19 pandemic. The attack appears to have been carried out by a small group of hackers, leveraging social engineering to get access to internal Twitter support tools. These tools allowed the hackers to gain full control of the high-profile user accounts and post messages on their behalf. The attack provides many paths …

Editorial Vol 2021, No 2, Herbert J. Mattord, Michael E. Whitman, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Welcome to the Winter 2021 edition of the Journal for Cybersecurity Education, Research, and Practice.

Toward A Student-Ready Cybersecurity Program: Findings From A Survey Of Stem-Students, Lora Pitman, Brian K. Payne, Tancy Vandecar-Burdin, Lenora Thorbjornsen

Journal of Cybersecurity Education, Research and Practice

As the number of available cybersecurity jobs continues to grow, colleges strive to offer to their cybersecurity students an environment which will make them sufficiently prepared to enter the workforce after graduation. This paper explores the academic and professional needs of STEM-students in various higher education institutions across Virginia and how cybersecurity programs can cater to these needs. It also seeks to propose an evidence-based approach for improving the existing cybersecurity programs so that they can become more inclusive and student-ready. A survey of 251 college students in four higher-education institutions in Virginia showed that while there are common patterns …

The Impact Of A Gencyber Camp On In-Service Teachers’ Tpack, Kevin M. Thomas, Jessica Ivy, Kristin Cook, Robert R. Kelley

Journal of Cybersecurity Education, Research and Practice

The purpose of this study was to examine the impact of a GenCyber camp curriculum on teachers’ technology, pedagogy, and content knowledge (TPACK). The camp was designed to engage participants in developing the knowledge and skills to incorporate GenCyber Cybersecurity First Principles and GenCyber Cybersecurity Concepts (GenCyber, 2019) into their curriculums. Participants (37 middle and high school teachers from a variety of disciplines) attended one of two weeklong camps held at a Midwestern liberal arts university. Using the TPACK Self-Reflection and TPACK Self-Assessment Surveys, pre- and post-camp data were collected from participants. Findings indicate that participants demonstrated an increase in …

Editorial, Michael E. Whitman, Herbert J. Mattord, Hossain Shahriar

Journal of Cybersecurity Education, Research and Practice

Since 2016, it has been the mission of the Journal of Cybersecurity Education, Research, and Practice (JCERP) to be a premier outlet for high-quality information security and cybersecurity-related articles of interest to teaching faculty and students. This is the 13^th edition of the (JCERP) and, as ever, we are seeking authors who produce high-quality research and practice-oriented articles focused on the development and delivery of information security and cybersecurity curriculum, innovation in applied scholarship, and industry best practices in information security and cybersecurity in the enterprise for double-blind review and publication. The journal invites submissions on Information Security, Cybersecurity, …