Student Misconceptions about Cybersecurity Concepts: Analysis of Think-Aloud Interviews

Thumbnail Image

Files

Student Misconceptions about Cybersecurity Concepts.pdf (315.93 KB)

Links to Files

https://digitalcommons.kennesaw.edu/jcerp/vol2018/iss1/5/

Permanent Link

http://hdl.handle.net/11603/11233

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Education Department
UMBC Faculty Collection
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2018

Type of Work

journal articles
Text

Department

Program

Citation of Original Publication

Thompson, Julia D.; Herman, Geoffrey L.; Scheponik, Travis; Oliva, Linda; Sherman, Alan; Golaszewski, Ennis; Phatak, Dhananjay; and Patsourakos, Kostantinos (2018) "Student Misconceptions about Cybersecurity Concepts: Analysis of Think-Aloud Interviews," Journal of Cybersecurity Education, Research and Practice: Vol. 2018 : No. 1 , Article 5. Available at: https://digitalcommons.kennesaw.edu/jcerp/vol2018/iss1/5

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please contact the author.

Subjects

Adversarial thinking
Cybersecurity Assessment Tools (CATS)
cybersecurity education
information assurance
misconceptions
novice-led thematic analysis

Abstract

We conducted an observational study to document student misconceptions about cybersecurity using thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we provide a basis for developing rigorous evidence-based recommendations for improving teaching and assessment methods in cybersecurity and inform future research. This study is the first to explore student cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During these interviews, students grappled with security scenarios designed to probe their understanding of cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative method, novice-led paired thematic analysis, to document patterns in student misconceptions and problematic reasoning that transcend institutions, scenarios, or demographics. Themes generated from this analysis describe a taxonomy of misconceptions but not their causes or remedies. Four themes emerged: overgeneralizations, conflated concepts, biases, and incorrect assumptions. Together, these themes reveal that students generally failed to grasp the complexity and subtlety of possible vulnerabilities, threats, risks, and mitigations, suggesting a need for instructional methods that engage students in reasoning about complex scenarios with an adversarial mindset. These findings can guide teachers’ attention during instruction and inform the development of cybersecurity assessment tools that enable cross-institutional assessments that measure the effectiveness of pedagogies.