T. Anderson1, B. Arief1, T. Basit2, R. Borup2, L. Rutherford2

1Newcastle University (UNITED KINGDOM)
2Staffordshire University (UNITED KINGDOM)
Cyberspace is a very real man-made environment, and like the physical realm, it provides many opportunities for misconduct, ranging from relatively petty theft to massive fraud, from dubious pornography to facilitating sexual offences against children, from overwriting a website to disrupting critical national infrastructure. Cyber criminals and cyber terrorists are continually searching out weaknesses in the defences that have been erected against them, such as encryption, firewalls and passwords, but there is one weakness that is pervasive across society: our individual lack of awareness, and of how to protect ourselves and our organisations against cyber attack. This paper reports on an EU funded project called SUCCEED which seeks to reduce that vulnerability through education; specifically, we want to advise Higher Education Institutions of measures by which curricula can be augmented to ensure that all graduates have an appropriate level of cyber savvy.

The paper’s structure reflects the project’s straightforward approach: first we identified what is needed in terms of knowledge and understanding of how to be protected in cyberspace, second we examined current provision (primarily to identify gaps, but also to refer to best-practice), third we will outline recommendations and have these validated by stakeholders, and finally we will disseminate our conclusions.

First Phase: Needs. We held four workshops involving employers from a range of commercial and public sectors. Group exercises involving a number of challenging scenarios were used to extract key areas of concern and priorities from the participants, and we analysed the results to create a weighted enumeration of what were regarded as the most significant issues. To gain added benefit we also sought to summarise what were perceived as common organisational/individual weaknesses and desiderata. These results will be presented in the full paper.

Second Phase: Gaps. We conducted a large number of interviews within our own two universities, talking to programme managers, curriculum developers and course presenters. Our overall aim was to ascertain to what extent currently taught material ensured that graduates (in each specific discipline):
• were aware of the threats and risks of cybercrime and terrorism;
• had appropriate knowledge to protect themselves and their organisations;
• acquired relevant skills sufficient to safeguard themselves (and others).
These discussions were held in the light of our findings from the first phase. We noted current good practice, and discussed apparent gaps with our interviewees. A summary of our findings and initial recommendations will be presented in the full paper.

Third Phase: Validation and Dissemination. We will then return to the stakeholders (the employers we consulted initially and the educators that we interviewed). Feedback on our findings and preliminary recommendations will be used to correct any errors or omissions and to refine the conclusions. We are using digital media and other routes to disseminate these preliminary outcomes so that feedback is also available from the wider community (e.g. delegates to this conference).

This is a relatively modest project, and will not claim to provide a definitive solution. However, we believe it can provide an important first step towards an enrichment of curricula that will better prepare graduates for the digital future they will participate in.