Top

Journal of Computers in Education

Published in:

16-06-2021

Incorporating active learning activities to the design and development of an undergraduate software and web security course

Authors: Thitima Srivatanakul, Fenio Annansingh

Published in: Journal of Computers in Education | Issue 1/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Data breaches and cybersecurity incidents have been a major concern for companies in various sectors, including healthcare, financial, entertainment, business, education, and government. Maintaining and protecting these systems requires a workforce that is educated with the practical and technical skills needed by cybersecurity experts for information warfare and non-technical skills demanded by the industry. This paper describes the design and development of an undergraduate software and web security course using active learning strategies. It discusses the rationale in the course design on the selected cybersecurity knowledge and skills for a cybersecurity course developed at York College of the City University of New York (CUNY). Several active learning activities were used to promote both technical security and non-technical skills necessary to perform cybersecurity work, such as think-pair-share, buzz group, and roleplay. The results show that active learning help promote students' development in solving problems, proposing solutions, and explaining ideas through writing and discussion, essential cybersecurity skills. The paper may serve as an informative guide for other instructors to promote active learning in their cybersecurity courses. A course evaluation survey has suggested favorable results using active learning activities in the class. Students believe that it helped them to understand complex concepts and engage with the materials and activities.

previous article Adoption of online education channel during the COVID-19 pandemic and associated economic lockdown: an empirical study from push–pull-mooring framework

next article Blending asynchronous and synchronous digital technologies and instructional approaches to facilitate remote learning

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Acharya, S., Ehrenreich, B., & Marciniak, J. (2015). OWASP inspired mobile security. In 2015 IEEE International Conference on Bioinformatics and Biomedicine (BIBM) (pp. 782–784). IEEE.

Alkhatib, O. J. (2018). An interactive and blended learning model for engineering education. Journal of Computers in Education, 5(1), 19–48.CrossRef

Bloom, B. S., Krathwohl, D. R., & Masia, B. B. (1984). Bloom taxonomy of educational objectives. In Allyn and Bacon. Pearson Education.

Boddy, S. and Pompon, R. (2017) Lessons learned from a decade of data breaches. https://www.f5.com/content/dam/f5/downloads/F5_Labs_Lessons_Learned_from_a_Decade_of_Data_Breaches_rev.pdf. Accessed 10 Sep 2020.

Bonwell, C. C., & Eison, J. A. (1991). Active Learning: Creating Excitement in the Classroom. 1991 ASHE-ERIC Higher Education Reports. ERIC Clearinghouse on Higher Education, The George Washington University, One Dupont Circle, Suite 630, Washington, DC 20036–1183.

Byun, M., Lee, Y., & Choi, J. Y. (2020). Analysis of software weakness detection of CBMC based on CWE. In 2020 22nd International Conference on Advanced Communication Technology (ICACT) (pp. 171–175). IEEE.

Cabaj, K., Domingos, D., Kotulski, Z., & Respício, A. (2018). Cybersecurity education: Evolution of the discipline and analysis of master programs. Computers & Security, 75, 24–35.CrossRef

Carlson, D. (2004). Teaching computer security. ACM SIGCSE. Bulletin, 36(2), 64–67.

Cawley, C. (2017). The impact on assessment results of changing to an active learning approach: a case study from an undergraduate computer science degree programme. Irish Journal of Academic Practice, 6(1), 9.

CBS News. (2005, July 7). Man Arrested For Stealing Wi-Fi. https://www.cbsnews.com/news/man-arrested-for-stealing-wi-fi/

Chatmon, C., Chi, H., & Davis, W. (2010). Active learning approaches to teaching information assurance. In 2010 Information Security Curriculum Development Conference (pp. 1–7).

Conklin, A. (2006). Cyber defense competitions and information security education: An active learning solution for a capstone course. In Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) (Vol. 9, pp. 220b-220b). IEEE.

Deslauriers, L., McCarty, L. S., Miller, K., Callaghan, K., & Kestin, G. (2019). Measuring actual learning versus feeling of learning in response to being actively engaged in the classroom. Proceedings of the National Academy of Sciences, 116(39), 19251–19257.CrossRef

Fernando, S. Y., & Marikar, F. M. (2017). Constructivist Teaching/Learning Theory and Participatory Teaching Methods. Journal of Curriculum and Teaching, 6(1), 110–122.CrossRef

Forum of Incident Response and Security Teams (FIRST). (n.d.). Common Vulnerability Scoring System SIG. FIRST — Forum of Incident Response and Security Teams. https://www.first.org/cvss/

Freeman, S., Eddy, S. L., McDonough, M., Smith, M. K., Okoroafor, N., Jordt, H., et al. (2014). Active learning increase student performance in science, engineering, and mathematics. Proceedings of the National Academy of Sciences, 11(23), 8410–8415.CrossRef

Frost & Sullivan. (2017). 2017 Global Information Security Workforce Study. https://www.isc2.org/-/media/B7E003F79E1D4043A0E74A57D5B6F33E.ashx. Accessed 21 Oct 2020.

Furnell, S., & Bishop, M. (2020). Addressing cybersecurity skills: The spectrum, not the silo. Computer Fraud & Security, 2020(2), 6–11.CrossRef

Gehringer, E. F., & Miller, C. S. (2009). Student-generated active-learning exercises. In Proceedings of the 40th ACM technical symposium on Computer science education (pp. 81–85). https://dl.acm.org/doi/pdf/https://doi.org/10.1145/1508865.1508897

Henry, A.P. (2017). Mastering the cybersecurity skills crisis: realigning educational outcomes to industry requirements (Vol. 4). ACCS Discussion paper.

Hettiarachchi, E. (2019). Analyzing the impact of introducing active learning in a blended educational environment. International Journal of Learning and Teaching, 5(4)

ISC². (2019). Strategies for building and growing strong cybersecurity teams: (ISC)2 Cybersecurity Workforce Study. https://www.isc2.org/-/media/ISC2/Research/2019-Cybersecurity-Workforce-Study/ISC2-Cybersecurity-Workforce-Study-2019.ashx. Accessed 8 Oct 2020.

Joint Task Force on Cybersecurity Education. (2018). Cybersecurity Curricula 2017: Curriculum guidelines for post-secondary degree programs in cybersecurity. Association for Computing Machinery, New York. https://doi.org/10.1145/3184594CrossRef

Lai, C. L., & Hwang, G. J. (2016). A self-regulated flipped-classroom approach to improving students’ learning performance in a mathematics course. Computers & Education, 100, 126–140.CrossRef

Malik, S., & Janjua, F. (2011). Active Lecturing: an Effective Pedagogic Approach. International Journal of Academic Research, 3(2).

Mateti, P. (2003). A laboratory-based course on internet security. ACM SIGCSE Bulletin, 35(1), 252–256.CrossRef

Microsoft (2020). Microsoft Vulnerabilities Report, 2020. https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report

National Centers of Academic Excellence in Cybersecurity (NCAE). (2020). National Centers of Academic Excellence in Cybersecurity Journal, 2020 Edition. https://www.caecommunity.org/sites/default/files/CAE_Book_Version_2.0_Compressed.pdf. Accessed 22 Nov 2020.

Nealy, C. (2005). Integrating soft skills through active learning in the management classroom. Journal of College Teaching & Learning (TLC), 2(4).

Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE) cybersecurity workforce framework. (NIST special publication, 800–181). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-181

Nichols, S. (2018). I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000. The Register. https://www.theregister.co.uk/2018/11/09/valve_steam_key_vulnerability/. Accessed 8 Oct 2020.

Opincaru, C. (2010). Web Security in University Curricula. Journal of Mobile, Embedded and Distributed Systems, 2(2), 84–90.

OWASP Foundation. (2017a). Introduction. Welcome to the OWASP Top 10 – 2017! https://owasp.org/www-project-top-ten/2017/Introduction.html. Accessed 8 Oct 2020.

OWASP Foundation. (2017b). Top 10–2017. The Ten Most Critical Web Application Security Risks. https://owasp.org/www-project-top-ten/. Accessed 8 Oct 2020.

OWASP Foundation. (n.d). OWASP WebGoat. https://owasp.org/www-project-webgoat/. Accessed 8 Oct 2020.

Pandya D., & Patel, N. J. (2016). OWASP top 10 vulnerability analyses in government websites. International Journal of Enterprise Computing and Business Systems, 6(1).

Pedley, D., McHenry, D., Motha, H., and Shah, J. (2018). Understanding the UK cybersecurity skills labour market. United States Sentencing Commission, Sentencing Guidelines for United States Courts. http://www.ussc.gov/FEDREG/05_04_notice.pdf Accessed 8 Oct 2020.

Perlroth, N. (2012, July 12). Yahoo Breach Extends Beyond Yahoo to Gmail, Hotmail, AOL Users. The New York Times. https://bits.blogs.nytimes.com/2012/07/12/yahoo-breach-extends-beyond-yahoo-to-gmail-hotmail-aol-users/. Accessed 8 Oct 2020.

Petersen, R., Santos, D., Smith, M., & Witte, G. (2020). Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800–181 Revision 1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-181r1CrossRef

Pickard, J., & Chou, T., & Lunsford, P. J., & Spence, J. (2013). IPv6 Security Course with Remote Labs - Design and Development Paper presented at 2013 ASEE Annual Conference & Exposition, Atlanta, Georgia. https://peer.asee.org/19848

Positive Technologies. (2019). Web Application Vulnerabilities: Statistics for 2018. https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Web-Vulnerabilities-2019-eng.pdf. Accessed 8 Oct 2020.

Poston, H. (2020). Mapping the OWASP top ten to blockchain. Procedia Computer Science, 177, 613–617.CrossRef

Potter, L.E., Vickers, G. (2015), June. What skills do you need to work in cyber security? A look at the Australian market. In Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research (pp. 67–72).

Pournaghshband, V. (2013), Teaching the security mindset to CS1 students. Proceedings of the 44th ACM technical symposium on computer science education. Denver, Colorado, USA, pp 347– 352.

Rahmalan, H., Ahmad, S. S. S., & Affendey, L. S. (2020). Investigation on designing a fun and interactive learning approach for Database Programming subject according to students' preferences. In Journal of Physics: Conference Series, 1529(2): 022076. IOP Publishing.

Risk-Based Security. (2019). Year End Report Data Breach Quick View. https://pages.riskbasedsecurity.com/2019-year-end-data-breach-quickview-report. Accessed 10 Sep 10 2020.

Sharwood, S. (2018, February 7). Uber quits GitHub for in-house code after 2016 data breach. The Register. https://www.theregister.com/2018/02/07/uber_quit_github_for_custom_code_after_2016_data_breach/

Schneier, B. (1999). Attack trees. Dr. Dobb’s Journal, 24(12), 21–29.

Shi, Y., Ma, Y., MacLeod, J., & Yang, H. (2020). College students’ cognitive learning outcomes in flipped classroom instruction: a meta-analysis of the empirical literature. Journal of Computers in Education, 7, 79–103. https://doi.org/10.1007/s40692-019-00142-8CrossRef

Sϕhoel, H., Jaatun, M. G., & Boyd, C. (2018). OWASP Top 10-Do Startups Care?. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) (pp. 1–8). IEEE.

Sobral, S. R. (2020). Project based learning with peer assessment in an introductory programming course. In 4th International Conference on Education and Distance Learning Conference (ICEDL2020), Roma, Italia, July 17–19.

Srivatanakul, T., & Moore, T. (2021). Promoting Security Mindset through Hands-on Exercises for Computer Science Undergraduate Students. In 2021 International Conference on Engineering Education and Information Technology (EEIT2021), Nanjing, China.

Stuttard, D., & Pinto, M. (2011). The web application hacker's handbook: Finding and exploiting security flaws. John Wiley & Sons.

Styers, M. L., Van Zandt, P. A., & Hayden, K. L. (2018). Active learning in flipped life science courses promotes development of critical thinking skills. CBE–Life Sciences Education, 17(3), ar39.CrossRef

Švábenský, V., Vykopal, J., Cermak, M. and Laštovička, M., (2018), July. Enhancing cybersecurity skills by creating serious games. In Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education (pp. 194–199).

Tharayil, S., Borrego, M., Prince, M., Nguyen, K. A., Shekhar, P., Finelli, C. J., & Waters, C. (2018). Strategies to mitigate student resistance to active learning. International Journal of STEM Education, 5(1), 7.CrossRef

Thongthua, A., & Ngamsuriyaroj, S. (2016, May). Assessment of hypervisor vulnerabilities. In 2016 International conference on cloud computing research and innovations (ICCCRI) (pp. 71–77). IEEE.

Timmerman, B., & Lingard, R. (2003, November). Assessment of active learning with upper-division computer science students. In 33rd Annual Frontiers in Education, 2003. FIE 2003. (Vol. 3, pp. S1D-7). IEEE.

Topham, L., Kifayat, K., Younis, Y. A., Shi, Q., & Askwith, B. (2016). Cyber security teaching and learning laboratories: A survey. Information & Security, 35(1), 51.

The MITRE Corporation. (2020). 2020 CWE Top 25 Most Dangerous Software Weaknesses. https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html. Accessed 8 Oct 8 2020.

Walden, J. (2008, October). Integrating web application security into the IT curriculum. In Proceedings of the 9th ACM SIGITE conference on Information technology education (pp. 187–192).

Yu, H., Liao, W., Yuan, X., & Xu, J. (2006). Teaching a web security course to practice information assurance. In Proceedings of the 37th SIGCSE technical symposium on Computer science education (pp. 12–16).

Zetter, K. (2009, January 6). Weak Password Brings "Happiness" to Twitter Hacker. Wired. https://www.wired.com/2009/01/professed-twitt/. Accessed 8 October 2020.

Title: Incorporating active learning activities to the design and development of an undergraduate software and web security course
Authors: Thitima Srivatanakul
Fenio Annansingh
Publication date: 16-06-2021
Publisher: Springer Berlin Heidelberg
Published in: Journal of Computers in Education / Issue 1/2022
Print ISSN: 2197-9987
Electronic ISSN: 2197-9995
DOI: https://doi.org/10.1007/s40692-021-00194-9

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2022

Analyzing students’ performance in computerized formative assessments to optimize teachers’ test administration decisions using deep learning frameworks

A systematic literature review on adaptive content recommenders in personalized learning environments from 2015 to 2020

Blending asynchronous and synchronous digital technologies and instructional approaches to facilitate remote learning

Adoption of online education channel during the COVID-19 pandemic and associated economic lockdown: an empirical study from push–pull-mooring framework

Self-directed learning of core vocabulary in English by EFL learners: comparing the outcomes from paper and mobile application flashcards

Premium Partner