| NSF Org: |
DGE Division Of Graduate Education |
| Recipient: |
|
| Initial Amendment Date: | August 21, 2014 |
| Latest Amendment Date: | August 21, 2014 |
| Award Number: | 1418711 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Victor Piotrowski
vpiotrow@nsf.gov (703)292-5141 DGE Division Of Graduate Education EDU Directorate for STEM Education |
| Start Date: | September 1, 2014 |
| End Date: | August 31, 2018 (Estimated) |
| Total Intended Award Amount: | $299,468.00 |
| Total Awarded Amount to Date: | $299,468.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
4202 E FOWLER AVE TAMPA FL US 33620-5800 (813)974-2897 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
4202 E Fowler Ave Tampa FL US 33620-7800 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.076 |
ABSTRACT
The project will develop a case method capstone course for a new multidisciplinary Master's degree program in Cybersecurity at the University of South Florida (USF). It extends a project that focused on developing a capstone course for an undergraduate program employing the case method pedagogy. That study demonstrated the feasibility of building a course entirely around discussions of local case studies and demonstrated positive learning outcomes using a variety of instruments. The new MS-Cybersecurity program has been designed as a multidisciplinary offering by collaborating departments of Information Systems and Decision Sciences; School of Information; Criminology; and Instructional Technology. The case studies to be developed will all have a common focus, decision making related to cybersecurity, and will be published as an open-access textbook. The Secure and Trustworthy Cyberspace (SaTC) program funds proposals that address Cybersecurity from a Trustworthy Computing Systems perspective; a Social, Behavioral and Economic Sciences perspective; and proposals focusing entirely on Cybersecurity Education.
In fields such as business and education, the constructivist paradigm employed by the case method has proven to be an effective tool for developing judgment, problem solving and communication skills for complex situations. The focus of the capstone curriculum being developed is on improving the decision-making skills of individuals designing and using Information Technology systems. Additionally, the prior study found strong evidence that the process of developing cases can play a pivotal role in strengthening relationships between researchers, practice and students; this study will allow faculty teaching in the program to strengthen their ties with Cybersecurity professionals. This effort will contribute to the development of a repository of open access cases and teaching materials, and will provide training to a diverse set of faculty members in the use of case method instruction and case development. Specific project deliverables include development the Cybersecurity case studies; workshops offered to faculty members from other institutions; and an open access textbook that includes the cases and supporting materials along with a controlled-distribution instructor's manual that pays particular attention to the effective online use of the cases.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The challenge of cybersecurity is intrinsically interdisciplinary, involving technical, psychological and economic elements. To date, much of the emphasis in cybersecurity education has focused on the technical side. The goal of the project was to develop educational materials specifically appropriate to build cybersecurity decision-making skills across all three domains. The pedagogical approach involved developing open access authentic discussion case studies of the type that are most commonly used in business education. Also included in the project goals were pilot testing the cases in a cybersecurity capstone course, offering faculty education on the use and development of cases through workshops, and the publication of all materials produced for the project.
Each of the cases developed for the project involved a study of a real-world situation. The focus of each case was an actual decision that needed to be made by a case protagonist. The presentation of the background needed to understand the case context required considerable depth, with the average case length being over 25 book pages. In the classroom, each case was used as the basis of a discussion that typically took 75-90 minutes. When used online, discussions were conducted asynchronously and typically resulted in 80-100 student posts over the course of a week. The targeted learning outcome of the discussion was improved judgment when faced with complex decisions with cybersecurity implications.
The cases were organized around the NIST cybersecurity framework:
IDENTIFY
CYBER INSURANCE AT USF: An IT director at the university is tasked with determining if it makes sense for the university to acquire a cybersecurity insurance policy.
DO THE CLOUDS REALLY HAVE LIMITS?: A small business consultant has been asked to explore the feasibility of moving an organization’s proprietary training assets to the cloud so international training can be delivered more economically, particularly in the Far East. Securing their intellectual property was a major concern.
PROTECT
EXPANDING JOINT VULNERABILITY ASSESSMENT BRANCH: A firm that does red team penetration testing, principally for the government, finds itself constrained by its inability to hire personnel with the requisite network and radio-frequency skills. It considers a variety of options, constrained by the fact that its employees cannot have a criminal record.
MULTI-FACTOR AUTHENTICATION AT JAGGED PEAK: A firm that hosts a logistical and marketing platform has been asked by a client to implement multifactor authentication. It considers a variety of options and struggles with the potential unintended consequences that such an implementation could have on its other customers.
SECURING THE MUMA JOURNALS: The publisher of two new online journals considers the security implications of alternative platforms.
DETECT
EXPOSING SEXUAL PREDATORS WHO RUN MARTIAL ARTS SCHOOLS: Two martial arts enthusiasts deliberate on the application of proper cyber forensic procedures in order to catch sexual predators running or employed by martial arts studios.
EMPLOYING DYNAMIC LOGIC IN CYBERSECURITY: A mathematical physicist has developed algorithms that show considerable promise in detecting malware. He considers how to move forward, since this is not his area of specialization (or interest).
RESPOND
RELIAQUEST: BEHIND ENEMY LINES: A cybersecurity firm has to decide how to react to when client’s systems are compromised by malware.
RECOVER
GRANDON.COM GOT HACKED!: A professor’s personal website is hacked and he needs to decide how to respond.
ADDITIONAL CASES INVOLVING EDUCATING CLIENTS AND STUDENTS
THE QUEST FOR RELIABLE CYBER SECURITY: A client of a cybersecurity firm is willing to pay large fee in return for a guarantee of 100% protection. The company considers how to educate the client regarding what is realistic.
A CYBERSECURITY EXECUTIVE DBA?: The program director of a doctoral program in business for working executives considers the possibility of offering a cybersecurity concentration.
The project, originally planned for 2 years, took considerably longer than anticipated owing to the difficulty associated with finding suitable case sites. By the end of the project, 11 cases had been published individually and collectively (in book form), involving 20 different authors (including faculty, graduate students and one undergraduate), one 3-day and four 4-hour faculty workshops had been conducted, attended by more than 100 faculty members and roughly 25 graduate students. One cybersecurity course capstone course was pilot tested and plans were made to integrate a cybersecurity module using the cases into the college’s online MBA program. Individual cases were also incorporated into the college’s undergraduate and graduate Business Analytics and Information Systems programs.
With respect to intellectual merit, the project demonstrated the feasibility of developing cybersecurity cases and building a course around them, as well as using them individually as elements of other courses. It also identified the principal challenge: finding suitable sites. Its broader impacts included introducing case writing and the case discussion pedagogy to a large number of faculty and graduate students from many disciplines.
Last Modified: 09/23/2018
Modified by: T Grandon Gill
Please report errors in award information by writing to: awardsearch@nsf.gov.
