October 2019 Update

As will surprise very few researchers, our blog is out of date! However, that's because we've been working hard coding our data, working on our concept inventory, and developing hands-on exercises (and a delivery framework) to teach improved ways of thinking about these issues.

Here's a status report, as of late October, 2019.

We completed our survey in the spring of 2019; 87 respondents generated 469 responses about "commonsense misconceptions" that they believed novices often hold about computer security. We coded our data looking for highly represented misconceptions, which resulted in a list of 17 succinct, one-sentence descriptions of those misconceptions, which we have also expanded into short (1-2 paragraph) explanations.

We have started work on our concept inventory, which will be a multiple-choice test to help identify the extent to which CS students (or other novices) hold these misconceptions about security. We are following an approach where we develop open-ended (i.e., short answer) questions targeting these misconceptions, which we will give to groups of students. We will collect their responses, looking for similar wrong answers. The most commonly represented wrong answers will then be used as the foundation for the "distractors" (wrong answers) on the multiple-choice version of the concept inventory. We'll be giving our open-ended test in the Fall of 2019 and Spring of 2020 to get those student misconceptions. We'll then construct the multiple-choice test and begin validating it using standard practices for concept inventories (similar to the work we are helping with for the CCI and the CCA from the CATS project).

We have also started work on hands-on exercises to help break and re-form students' conceptions of these important aspects of information security. The goal is that each exercise will give students an experience that demonstrates the common, but mistaken, conception of the topic and then shows them the "correct" (or current best practice) approach to the topic, explaining why it's an improvement over the common misconception. These exercises will be freely available online and are being developed with the twin goals of being as effective as possible for "fixing" the misconceptions while also being as easy as possible for students and instructors to use. Our goal is that the exercises will be usable individually, so that users do not have to complete all the exercises to benefit from them. We have a framework that delivers exercises using standalone VMs, web-accessible VMs, interactive web apps, and other written materials, with the goal that all project resources will be available through this one interface. Our goal is that beta versions of some of these exercises will be available this Fall, and in the Spring we'll be working to show that the exercises are effective at remediating these misconceptions.

The last major piece of the puzzle is to create the videos. These videos will be available on YouTube and will serve as companions to the exercises -- teaching the materials in a different way. These videos will be relatively short, dynamic and engaging, using animation, diagrams, or other features to keep them interesting. The goal is not to detail every aspect of the misconception, but to help people understand that the simple, intuitive way of thinking of the topic is not sufficient for secure practice. These videos will start becoming available in Spring of 2019.

If you're interested in this project, or would like to help, please reach out to me, Peter Peterson, at pahp@d.umn.edu. Thanks!
