Cybersecurity: Exploring core concepts through six scenarios

@article{Sherman2018CybersecurityEC,
  title={Cybersecurity: Exploring core concepts through six scenarios},
  author={Alan T. Sherman and David DeLatte and Michael Neary and Linda Oliva and Dhananjay S. Phatak and Travis Scheponik and Geoffrey L. Herman and Julia D. Thompson},
  journal={Cryptologia},
  year={2018},
  volume={42},
  pages={337 - 377}
}
ABSTRACT The authors introduce and explain core concepts of cybersecurity through six engaging practical scenarios. Presented as case studies, the scenarios illustrate how experts may reason through security challenges managing trust and information in the adversarial cyber world. The concepts revolve around adversarial thinking, including understanding the adversary; defining security goals; identifying targets, vulnerabilities, threats, and risks; and devising defenses. They also include… 

Student Misconceptions about Cybersecurity Concepts: Analysis of Think-Aloud Interviews

Students generally failed to grasp the complexity and subtlety of possible vulnerabilities, threats, risks, and mitigations, suggesting a need for instructional methods that engage students in reasoning about complex scenarios with an adversarial mindset.

The CATS Hackathon: Creating and Refining Test Items for Cybersecurity Concept Inventories

Validated assessment tools are needed so that cybersecurity educators have trusted methods for discerning whether efforts to improve student preparation are successful and whether they are ready to enter the workforce as cybersecurity professionals.

Experiences and Lessons Learned Creating and Validating Concept Inventories for Cybersecurity

The decisions the team made and the consequences of those decisions are explained, highlighting what worked well and what might have gone better in the CATS Project to create two concept inventories for cybersecurity.

Creating a Cybersecurity Concept Inventory: A Status Report on the CATS Project

The CATS project provides infrastructure for a rigorous evidence-based improvement of cybersecurity education and develops the CCI, a tool that will enable researchers to scientifically quantify and measure the effect of their approaches to, and interventions in, cybersecurity education.

Data Privacy Laws Response to Ransomware Attacks: A Multi-Jurisdictional Analysis

This chapter proposes an analysis of ransomware attacks through the lens of the well-established information security model, i.e. the CIA (confidentiality, integrity, and availability) triad, and examines whether ransomware will be considered a data breach under data privacy laws and what the legal implications of such breaches are.

Initial Validation of the Cybersecurity Concept Inventory: Pilot Testing and Expert Review

Evaluating the validity of the Cybersecurity Concept Inventory (CCI) for assessing student knowledge of core cybersecurity concepts after a first course on the topic showed that the CCI is sufficiently reliable for measuring student knowledge of cybersecurity and that it may be too difficult as a whole.

The power of interpretation: Qualitative methods in cybersecurity research

Although qualitative methods are used when studying all key cybersecurity areas, they often lack the necessary rigor and detail observed in other research areas where quantitative methods are well-established.

The SFS summer research study at UMBC: Project-based learning inspires cybersecurity students

Scholarship for Service scholars at the University of Maryland, Baltimore County analyzed the security of a targeted aspect of the UMBC computer systems and discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly.

HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises

Hacking exercises generally were tailored to students’ prior security experience and support learning by limiting extraneous load and establishing helpful online communities, and a tradeoff between providing realistic challenges and burdening students with extraneous cognitive load was observed.

BIM-enabled facilities management (FM): a scrutiny of risks resulting from cyber attacks

This paper aims to unravel the impact of a cybersecurity breach, by developing a BIM-facilities management (FM) cybersecurity-risk-matrix to portray what a cybersecurity attack means for various working areas of FM.

References

How students reason about Cybersecurity concepts

This work is conducting a series of think-aloud interviews with cybersecurity students to study how students reason about core cybersecurity concepts, and intends to develop Cybersecurity Assessment Tools that can help assess the effectiveness of pedagogies.

Cybersecurity: The Essential Body Of Knowledge

This book is organized to help readers understand how the various roles and functions within cybersecurity practice can be combined and leveraged to produce a secure organization.

Identifying Core Concepts of Cybersecurity: Results of Two Delphi Processes

Results of two Delphi processes that polled cybersecurity experts to rate cybersecurity topics based on importance, difficulty, and timelessness provide a foundation for developing evidence-based educational cybersecurity assessment tools that will identify and measure effective methods for teaching cybersecurity.

Creating a Cybersecurity Concept Inventory: A Status Report on the CATS Project

The CATS project provides infrastructure for a rigorous evidence-based improvement of cybersecurity education and develops the CCI, a tool that will enable researchers to scientifically quantify and measure the effect of their approaches to, and interventions in, cybersecurity education.

Cybersecurity and Cyberwar: What Everyone Needs to Know®

1. Why cyberspace is wonderful… and complicated What is cyberspace? Why do people talk about the difference of a networked world? How does the Internet actually work? Who owns this thing? Wait… You

Cyber Threat Metrics

The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment by addressing threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.

Fundamentals of Information Systems Security

Revised and updated with the latest information from this fast-paced field, Fundamentals of Information System Security, Second Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security.

Elementary Information Security

Comprehensive and accessible, Elementary Information Security covers the entire range of topics required for US government courseware certification NSTISSI 4011 and urges students to analyze a variety of security problems while gaining experience with basic tools of the trade.

A Classification of SQL-Injection Attacks and Countermeasures

An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of that type could be performed and existing detection and prevention techniques against SQL injections.

Cybersecurity Education in Universities

Issues about what should be taught, and how, are being ignored by many of the university faculty who teach cybersecurity courses; this problematic situation is explored.
...