Abstract:

In recent years, the topic of IT security has become more and more popular and has slowly found its way into teaching in higher education. Especially, in the age of the Internet of Things (IoT), in which many components are interconnected and exchange sensitive data (e.g. smart homes, autonomous vehicles), in our opinion, it is becoming increasingly important to integrate knowledge about the development of secure systems (secure software engineering) into academic teaching. This applies not only to computer science courses, but also to engineering courses, since both disciplines fuse and engineers are now frequently involved in the development of IoT components in the industry.

However, teaching security and secure software engineering to non-computer-scientists is rare. Therefore, we focus our research on the integration of IT security into software engineering education of non-computer scientists, particularly electrical engineers, by means of inductive teaching- and learning-arrangements.

As a prerequisite for inductive teaching, this paper deals with engineering and computer science students’ preconceptions of the topics IT security and secure software engineering to identify learning contents and corresponding teaching methods to improve academic learning and teaching in both areas in the future.

Preconceptions are conceptions of a specific topic that a person has acquired before being confronted with its actual theory or facts. They can either be positive (correct) and can be used as a connection point for the lecture, or negative (wrong), so called misconceptions, which need to be addressed [1]. Hence, in order to derive the specific learning contents and choose suitable teaching methods, we first have to evaluate which level of knowledge and which preconceptions our engineering students have regarding IT security and secure software engineering.

To identify those preconceptions we have conducted guided interviews with freshmen of engineering studies and computer science studies from different German universities of applied sciences. These interviews contained questions asking students about what they have heard about the topic of IT security, e.g, how it is possible to attack software and who is responsible for implementing secure software. Those interviews then have been coded according to the coding process of the Grounded Theory Method of Corbin and Strauss [2], with focus on open and axial coding. The goal was to derive a first catalogue of students’ preconceptions according to IT security and secure software engineering. As a next step, we will use this catalogue as an orientation to select required learning content for both topics and choose suitable (inductive) teaching methods to include IT security in our software engineering courses for non-computer scientists. We present the first version of the catalogue in the paper.

References:
[1] C. Gold-Veerkamp, "Using grounded theory methodology to discover undergraduates' preconceptions of software engineering," 2018 IEEE Global Engineering Education Conference (EDUCON), Tenerife, 2018, pp. 707-711. doi: 10.1109/EDUCON.2018.8363300
[2] J. M. Corbin and A. L. Strauss. “Basics of qualitative research: techniques and procedures for developing grounded theory”. Sage Publications, Inc, Los Angeles, Calif, 3rd ed edition, 2008.

Keywords:

IT security, secure software engineering, academic education, preconceptions.