Post on 05-Jan-2016
Hybrid Education: An Effective Modality for K-12 Schools to Deliver Cybersecurity Education for
Teachers and Staff
Wiam Younes & George Semlch
Carnegie Mellon University & Robert Morris University
Why? Adoption of technology in schools NETS Standard Four for educators Federal and state compliance requirements
- CIPA- FERPA- HIPAA- Data Breach Act
Cyber crimes are on the rise Cyber citizenry Determining Cybersecurity education outline Method of delivery
C3 Education in Allegheny County Two studies
Pilot 50 participants
Mixed methods
- Quantitative (Surveyed 46 participants)
- Qualitative (20 in-depth interviews)
Participants role in school
The majority of the background survey participants (61%) were teachers, although some participants had
more than one role.
4
Teacher
Administrative staff
Technology staff
Paraprofessional
School nurse
Curriculum specialist
Counselor
Stem program director
0 5 10 15 20 25 30
28
9
5
2
2
2
1
1
Demographics
5
Some college but no degree
Associate degree
High school degree or equivalent
Bachelor degree
Graduate degree
1
1
5
17
22
Level of Education
The Use of Technology In School
100% use technology on daily basis in schools.
94% use computers and the internet more than once a day.
54% use mobile phones in education.
80% use the school attendance and grade system more than once a day.
70% use a Learning Management System e.g. Blackboard on daily basis.
74% use Wiki and/or blog on daily basis.
48% use Smart Board once a day.
• 24% on Safe Browsing • 28% on FERPA • 9% on the Safe use of
mobile devices • 4% Protecting personal
information online • 17% CIPA • 44% Cyberbullying
The level of C3 training in Allegheny County K-12 schools
7
The level of C3 training in Allegheny County K-12 schools and the frequency of provided training.
1. Segmented
2. Informal
3. Scattered
o “I don’t recall training for teachers and staff on cybersecurity, safety, and ethics topics.”o “Apart from general statements that I make all the time there has been NO formal
program of training.”o “No formal training. Policies are discussed in email or in staff meetings.”o Cyber School educators “No training; We are sure there is an AUP but we never read it;
some one at the school talks to students about acceptable behavior but we don’t know who.”
Topics considered beneficial
8
Socia
l Eng
inee
ring
and
Phish
ing
Data
secu
rity
and
back
up
CIPA &
FERPA
Malwar
e[vi
rus,
troja
n, sp
ywar
e]
Pass
wor
d an
d Pa
ssph
rase
PII a
nd Id
entit
y Th
eft
Cyber
bully
ing
secu
ring
emai
l acc
ount
Secu
re y
our c
ompu
ter
Digita
l etiq
uette
Secu
re y
our c
ompu
ter
Accep
tabl
e Use
Pol
icy
0
1
2
3
4
5
6
7
8
7
5
4 4 4
3
2 2
1 1 1 1
Topics of interest
9
00.5
11.5
22.5
33.5
44.5 4
2
1 1 1 1 1 1 1 1
Preferred Learning Modality
Hybrid Face-to-face Online
10
3 3
0.620.19 0.19
Learning Modality
# Participants In percent
Hybrid Modality Hybrid modality can accommodate:
Training on a range of cybersecurity topics
Differentiated learning
Schools training culture
Optimizing learning
Lead by example
Real life experiences
Consideration Move faculty and staff from understanding how to protect
personal identifiable information towards acknowledging their role in protecting their cyberspace.
Incorporate the previous experiences of faculty and staff
Link the benefits of learning to faculty and staff’s role in
building holistic responsible citizens Integrate personal knowledge and real life situations
Eliminate hurdles Celebrate appropriate behavior and initiatives
Build a C3 education program Select the topics
Provide online information or content
Hands on training on the use of anti-virus, manage email,
secure browsers and running updates
Facilitate peer-led sessions to share best practices
Support students led C3 projects
Support the integration of C3 topics in classrooms
Communicate the school’s policies and guidelines
Twice an academic year
Email reminders
During peer-led sessions
During hands on training
Occurrence of an event
Assess learningSelect four methods of assessment.
Monitor teachers and staff cybersecurity actions Conduct a pre and post assessment to assess any increase in the level of knowledge Encourage teachers to organize cybersecurity events, competitions and
presentations Monitor the number of incidents Attend classes covering C3 topics Build an assessment tool at the end of asynchronous content Collect participants' feedback at the end of hands on training session or peer-led
session Expose learners to a real-life cybersecurity threat Video tape a group led session for future discussion Monitor the number of questions and accurate responses in a Chatroom
Thank you
Let us begin the discussion.
Wiam Younes
wiamy@cmu.edu
@wyounes
@ wyounes
Safe Net Content https://safenet.3rox.net/