What Are Cybersecurity Education Papers About?: A Systematic Literature Review of SIGCSE and ITiCSE Conferences

Cybersecurity is now more important than ever, and so is education in this field. However, the cybersecurity domain encompasses an extensive set of concepts, which can be taught in different ways and contexts. To understand the state of the art of cybersecurity education and related research, we examine papers from the ACM SIGCSE and ACM ITiCSE conferences. From 2010 to 2019, a total of 1,748 papers were published at these conferences, and 71 of them focus on cybersecurity education. The papers discuss courses, tools, exercises, and teaching approaches. For each paper, we map the covered topics, teaching context, evaluation methods, impact, and the community of authors. We discovered that the technical topic areas are evenly covered (the most prominent being secure programming, network security, and offensive security), and human aspects, such as privacy and social engineering, are present as well. The interventions described in SIGCSE and ITiCSE papers predominantly focus on tertiary education in the USA. The subsequent evaluation mostly consists of collecting students' subjective perceptions via questionnaires. However, less than a third of the papers provide supplementary materials for other educators, and none of the authors published their dataset. Our results provide orientation in the area, a synthesis of trends, and implications for further research. Therefore, they are relevant for instructors, researchers, and anyone new in the field of cybersecurity education. The information we collected and synthesized from individual papers are organized in a publicly available dataset.

[1]  Kai Petersen,et al.  Guidelines for conducting systematic mapping studies in software engineering: An update , 2015, Inf. Softw. Technol..

[2]  David Starobinski,et al.  A Simple Laboratory Environment for Real-World Offensive Security Education , 2015, SIGCSE.

[3]  Jean Mayo,et al.  Teaching Integer Security Using Simple Visualizations , 2019, ITiCSE.

[4]  Wei-Tek Tsai,et al.  V-lab: a cloud-based virtual laboratory platform for hands-on networking courses , 2012, ITiCSE '12.

[5]  Jun Zhu,et al.  Embedding Secure Coding Instruction into the IDE: A Field Study in an Advanced CS Course , 2015, SIGCSE.

[6]  Akbar Siami Namin,et al.  The Core Cyber-Defense Knowledge, Skills, and Abilities That Cybersecurity Students Should Learn in School , 2018, ACM Trans. Comput. Educ..

[7]  Shiva Azadegan,et al.  IPsecLite: a tool for teaching security concepts , 2010, SIGCSE.

[8]  Bill Chu,et al.  Evaluating Two Methods for Integrating Secure Programming Education , 2018, SIGCSE.

[9]  Khaled Salah,et al.  Harnessing the cloud for teaching cybersecurity , 2014, SIGCSE.

[10]  Earl W. Huff,et al.  From Midshipmen to Cyber Pros: Training Minority Naval Reserve Officer Training Corp Students for Cybersecurity , 2019, SIGCSE.

[11]  J. R. Landis,et al.  The measurement of observer agreement for categorical data. , 1977, Biometrics.

[12]  Michail N. Giannakos,et al.  Introductory programming: a systematic literature review , 2018, ITiCSE.

[13]  Irfan Ahmed,et al.  Topological Scoring of Concept Maps for Cybersecurity Education , 2019, SIGCSE.

[14]  Ahmed Ibrahim,et al.  Introducing Practical SHA-1 Collisions to the Classroom , 2019, SIGCSE.

[15]  Justin Cappos,et al.  Can the Security Mindset Make Students Better Testers? , 2015, SIGCSE.

[16]  Joint Task Force on Computing Curricula Computer Science Curricula 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science , 2013 .

[17]  Kai Petersen,et al.  Systematic Mapping Studies in Software Engineering , 2008, EASE.

[18]  Cynthia Taylor,et al.  ');DROP TABLE textbooks;--: An Argument for SQL Injection Coverage in Database Textbooks , 2019, SIGCSE.

[19]  Qijun Gu,et al.  Analysis and Exercises for Engaging Beginners in Online CTF Competitions for Security Education , 2017, ASE @ USENIX Security Symposium.

[20]  Sally Fincher,et al.  Computer Science Curricula 2013 , 2013 .

[21]  Binto George,et al.  A method for incorporating usable security into computer security courses , 2013, SIGCSE '13.

[22]  Laurence D. Merkle,et al.  Assessing the Impact of a National Cybersecurity Competition on Students' Career Interests , 2018, SIGCSE.

[23]  Zbigniew Kotulski,et al.  Cybersecurity education: Evolution of the discipline and analysis of master programs , 2018, Comput. Secur..

[24]  Siddharth Kaza,et al.  Security injections: modules to help students remember, understand, and apply secure coding techniques , 2011, ITiCSE '11.

[25]  Steve Carr,et al.  UNIXvisual: A Visualization Tool for Teaching UNIX Permissions , 2017, ITiCSE.

[26]  Jürgen Börstler,et al.  Educational Data Mining and Learning Analytics in Programming: Literature Review and Case Studies , 2015, ITiCSE-WGR.

[27]  Simon L. R. Vrhovec,et al.  The power of interpretation: Qualitative methods in cybersecurity research , 2019, ARES.

[28]  Jonathan White,et al.  Game based Cybersecurity Training for High School Students , 2018, SIGCSE.

[29]  Michael Locasto,et al.  A Survey of Ethical Agreements in Information Security Courses , 2016, SIGCSE.

[30]  Steve Carr,et al.  RBACvisual: A Visualization Tool for Teaching Access Control using Role-based Access Control , 2015, ITiCSE.

[31]  Yanick Fratantonio,et al.  Ten Years of iCTF: The Good, The Bad, and The Ugly , 2014, 3GSE.

[32]  Audun Jøsang,et al.  Global perspectives on cybersecurity education for 2030: a case for a meta-discipline , 2018, ITiCSE.

[33]  Pearl Brereton,et al.  Performing systematic literature reviews in software engineering , 2006, ICSE.

[34]  Daniel D. Garcia,et al.  The Teaching Privacy Curriculum , 2016, SIGCSE.

[35]  Michael Skirpan,et al.  Quantified Self: An Interdisciplinary Immersive Theater Project Supporting a Collaborative Learning Environment for CS Ethics , 2018, SIGCSE.

[36]  Johan Jeuring,et al.  A Systematic Literature Review of Automated Feedback Generation for Programming Exercises , 2018, ACM Trans. Comput. Educ..

[37]  Lauri Malmi Can we show an impact? , 2015, Inroads.

[38]  Justin Cappos,et al.  Teaching the security mindset with reference monitors , 2014, SIGCSE.

[39]  Jun Ma,et al.  AESvisual: A Visualization Tool for the AES Cipher , 2016, ITiCSE.

[40]  Zoë J. Wood,et al.  Fakesbook: A social networking platform for teaching security and privacy concepts to secondary school students , 2019, SIGCSE.

[41]  Brett A. Becker,et al.  50 Years of CS1 at SIGCSE: A Review of the Evolution of Introductory Programming Education Research , 2019, SIGCSE.

[42]  Steve Carr,et al.  MLSvisual: a visualization tool for teaching access control using multi-level security , 2014, ITiCSE '14.

[43]  Yair Levy The Joint Task Force on Cybersecurity Education , 2016, AMCIS.

[44]  Pablo Arias,et al.  CTF: State-of-the-Art and Building the Next Generation , 2017, ASE @ USENIX Security Symposium.