Subscribe to RSS Feed (Opens in New Window)

Education

SSETGami: Secure Software Education Through Gamification

Hector Suarez, University of Tennessee at Chattanooga
Hooper Kincannon, University of Tennessee at Chattanooga
Li Yang, University of Tennessee at Chattanooga

Since web browsers have become essential to accomplishing everyday tasks, developing secure web applications has become a priority in order to protect user data, corporate databases and critical infrastructure against cyber-crimes . This research presents a game-like (gamification) approach to teach key concepts and skills on how to develop secure web applications. Gamification draws on motivational models, one of psychological theories. Gamification design has great potential over traditional education where we often find students demotivated and lecturers failing to engage them in learning activities. This research created game-like learning modules to teach top vulnerabilities and countermeasures for these top vulnerabilities in secure web developments including SQL injection, broken authentication and session management, cross site scripting, insecure direct object references, etc. In this paper, each module is self-contained with a module background, sample module questions, and the expected learning outcomes of each module.

"Think Before You Click. Post. Type." Lessons learned from our University Cyber Secuity Awareness Campaign

Rachael Innocenzi, Eastern Michigan University
Kaylee Brown, Eastern Michigan University
Peggy Liggit, Eastern Michigan University
Samir Tout, Eastern Michigan University
Andrea Tanner, Eastern Michigan University
Theodore Coutilish, Eastern Michigan University
Rocky Jenkins, Eastern Michigan University

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.