Mapping the Landscape of Cybersecurity Education
How Is Cybersecurity Taught and How Is It Backed by Research?
More than 17,300 new security vulnerabilities were discovered in 2019. What is more, by 2021, the annual damages from cybercrime will cost the world a staggering $6 trillion.
With the globally rising importance of combating cyber threats, the cybersecurity workforce shortage is growing as well. In 2019, 4 million jobs that required cybersecurity expertise were unfilled.
Unfilled cybersecurity job positions globally.
In this situation, training more cybersecurity professionals is crucial. New curricula, courses, and training materials are created to fight the skill gap. However, cybersecurity includes many concepts, which can be taught in different ways and contexts. Therefore, we set on a journey to understand the current advances in cybersecurity education research and practice.
We examined 71 research papers published at two leading education conferences, ACM SIGCSE and ACM ITiCSE, from 2010 to 2019. The papers discuss cybersecurity courses, tools, exercises, and teaching approaches. For each paper, we mapped five aspects:
- Covered topics. We discovered that the technical topic areas are evenly covered; the most prominent are secure programming, network security, and offensive security. Moreover, human aspects, such as privacy and social engineering, are present as well.
- Teaching context. The focus is predominantly on university education. It is practical and includes hands-on training and labs.
- Evaluation methods. To evaluate the effectiveness of cybersecurity education, the researchers administer student questionnaires and surveys, and also knowledge tests.
- Research impact. A third of the papers provides additional materials. Other researchers can build upon them to deepen the results.
- Community of authors. Most authors come from the North American universities and governmental institutions. Interestingly, the footprint of C4e researchers is also visible.
Our results provide orientation in the area, a synthesis of trends, and implications for further research. Therefore, they are relevant for instructors, researchers, and anyone new in the field of cybersecurity education.
In the C4e project, we are building upon these results to research more effective methods of cybersecurity training. If you are interested in cybersecurity, follow us on our website: https://c4e.cz/.
Valdemar Švábenský, Jan Vykopal, Pavel Čeleda, April 2020
For this publication, we received the 3rd best paper award at the ACM SIGCSE conference. This prestigious conference is the largest venue in the world that focuses on computing education research and practice. In 2019, it marked its 50th anniversary with almost 2000 attendees.
References and Where to Learn More
- Full paper: https://is.muni.cz/publication/1567598/2020-SIGCSE-what-are-cybersecurity-education-papers-about-paper.pdf
- Slides: https://is.muni.cz/publication/1567598/2020-SIGCSE-what-are-cybersecurity-education-papers-about-presentation.pdf
- Video presentation: https://www.youtube.com/watch?v=tIpgOrcFvzI
- The author’s Ph.D. thesis proposal: https://is.muni.cz/th/ckc8w/thesis-proposal-svabensky.pdf
How to Cite This Paper
Valdemar Švábenský, Jan Vykopal, and Pavel Čeleda. 2020. What Are Cybersecurity Education Papers About? A Systematic Literature Review of SIGCSE and ITiCSE Conferences. In Proceedings of the 51st ACM Technical Symposium on Computer Science Education (SIGCSE ’20). Association for Computing Machinery, New York, NY, USA, 2–8. DOI: https://doi.org/10.1145/3328778.3366816
Exploring the Behavior of a Host to Improve Network Security
How to divide a network to security segments based on the network behavior?
C4e participated in the Cyberspace conference
C4e is the co-organizer of the annual international conference Cyberspace (cyberspace.muni.cz), which deals with social and legal issues related to new technologies.
C4e is a part of CONCORDIA H2020 project
CONCORDIA is a Horizon 2020 project that aims to integrate European cyber security competencies to strengthen European digital sovereignty and cybersecurity. One of the project consortium members is Masaryk University, specifically C4e.
Czech ICT law
On September 20 and 21, the Institute of Law and Technology of the Faculty of Law of MU, which cooperates with C4e, organizes the conference Czech Law and Information Technology.