
Membership and collaboration facilitated by Member 365.


26th Colloquium


November 14, 2022

Online Session

26th Colloquium - The Role of Education in Dispelling Myths and Misconceptions in Cybersecurity

The Colloquium is honored to have as part of the 26th Colloquium the following panel:

The Role of Education in Dispelling Myths and Misconceptions in Cybersecurity

Panelists:

  • Eugene Spafford, Ph.D. of Purdue University, Chair
  • Leigh Metcalf, Ph.D. of Carnegie Mellon University / SEI CERT
  • Josiah Dykstra, Ph.D. of the National Security Agency

Abstract

There is a significant body of knowledge required to be successful in the profession and application of cybersecurity. Knowledge is passed along in many forms, including formal education and experiential learning. Given the need for personnel in the field, many people do not receive much formal instruction, often “learning through doing.”

A potentially dangerous pitfall is perpetuating traditional practices or beliefs as truth without evidence. While cybersecurity is an evolving discipline, many people still hear the refrain “that’s the way it’s done” when questioning an approach. Folk wisdom and folklore are sometimes used merely to justify what we already do or believe rather than as informed guidelines for action. Myths arise because of misunderstandings or by making poor analogies to other fields.

In this session, the panelists will discuss their observations and experiences of cybersecurity myths across academia, industry, and government. They will draw on their decades of experience to discuss pitfalls they've encountered and examples of folk wisdom, including: Is the user the weakest link? Is more security always better? Is cyber offense easier than defense? The session will also touch on some of the biases humans bring to decision-making, including the action and conformity biases, and how those may negatively influence good security practices.

The panel will illuminate opportunities for education to help dispel prevalent and widespread myths that can be avoided or mitigated for the benefit of more effective cybersecurity. Portions of this presentation are drawn from personal experience and courses taught by the panelists, including a regular course offered at Purdue University as part of the graduate cybersecurity curriculum.


Last modified on Friday, 16 September 2022 14:50


The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.

As a 501(c)(3), CISSE relies on member support. If you value our mission of service, please consider making a donation.
