Academic journal article Journal of Information Systems Education

Social Representations of Cybersecurity by University Students and Implications for Instructional Design

Academic journal article Journal of Information Systems Education

Social Representations of Cybersecurity by University Students and Implications for Instructional Design

Article excerpt

1. INTRODUCTION

Cybersecurity has become one of the most challenging issues of the digital age. Data breaches at major retailers such as Target and Neiman-Marcus (Ramji, 2014), serious exposures in software used to secure websites and technology products such as the OpenSSL Heartbleed Bug (Hackett, 2015), and successful attacks to gain access to government agencies' data by hacktivist groups like Anonymous (Kerner, 2013) have become almost commonplace events. Surveys of the current state of cybersecurity, such as Verizon's 2015 Data Breach Investigations Report (Verizon, 2015) which found over 100,000 confirmed security incidents in the prior year reported by 70 organizations involving 700 million compromised records and an estimated financial loss of $400 million, paint a vivid picture of the vulnerabilities of cybersecurity defenses and the relentless efforts of hackers to discover and exploit these weaknesses. New challenges and threats are continually emerging. Risk predictions for 2016, for example, include the increased spread of ransomware/cyberextortion, new vulnerabilities and threats due to the growth in cloud computing, and a wider range of security threats to industrial control systems via connected devices and networked systems through the Internet of Things (Tuttle, 2016).

As information systems (IS) educators, we are responsible for preparing our students to be aware of the risks in cyberspace, to see potential threats and to make good decisions in their professional and personal lives. While a decade ago many colleges and universities did not include the topic of IS security in the core body of knowledge offered to their students (Rotvoid and Landry, 2007; Whitman and Mattord, 2006), today security education and training is considered essential in order to prepare students for future roles as employees, managers, business owners, and members of the boardroom. The importance given to instruction in computer/information security can be seen in calls for its inclusion as a core component of the curriculum for all IS and business students (Piazza, 2006; White, Hewitt, and Kruck, 2013) and recommendations for cybersecurity-related learning objectives/topics for the IS core course in the IS 2010 Model Curriculum (Topi et al., 2010) (see Table 1). To respond to this mandate, IS educators are challenged with determining how best to incorporate computer/information security content into IS core courses, updating security-related content for other classes such as systems analysis and design (Salisbury, Ferratt, and Wynn, 2015), and launching new programs to meet urgent needs for a cybersecurity professional workforce (Burley, Eisenberg, and Goodman, 2014; Foltz and Renwick, 2011; Locasto et al., 2011).

The research in this paper focuses on cybersecurity education in the IS core course, defined as "The ability to protect or defend the use of cyberspace from cyber attacks" (NIST, 2013, p. 58). Several factors make this instruction especially challenging. One issue is the rapidly changing knowledge base related to cybersecurity as technology evolves, new vulnerabilities are identified/exploited by hackers, and new mitigation strategies are developed. Perhaps an even more challenging issue is the severe constraint on lecture-time and assignments that can be devoted to security topics due to the other material that must be covered. Instructors need strategies to leverage this limited time effectively. The purpose of the research study presented in this paper is to aid IS educators in that task.

Instructional design for cybersecurity topics in the IS core course begins with establishing learning objectives and identifying the high priority topics to be covered. Going beyond this, we posit that the design of an effective learning environment for this subject matter also depends upon understanding the perceptions of cybersecurity risks that students bring to the classroom. Unlike some other topics in the IS core course where prior exposure has been minimal, students are not 'blank slates' when it comes to cybersecurity. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.