ChapterPDF Available

Interdisciplinary Cybersecurity: Rethinking the Approach and the Process

Authors:

Abstract and Figures

The need for cybersecurity professionals continues to grow and education systems are responding in a variety of ways. This study focusses on the “interdisciplinarity” of cybersecurity that contributes to the emerging dialogue on the direction, content and techniques involved in the growth and development of cybersecurity education and training. The study also recognizes the contributions of other disciplines to the field of cybersecurity by the discussion of relevant theories that contribute to understanding security in the context of legal, economics and criminology perspectives. Finally, quantitative analysis (security metrics) is done to understand the existing knowledge of security behaviors and beliefs among students from technical and non-technical majors, helps measure the interest fostered towards an academic pathway in cybersecurity and substantiates on the need for providing a level of cyber education for all individuals appropriate to their role in the society.
Content may be subject to copyright.
Interdisciplinary Cybersecurity: Rethinking
the Approach and the Process
Johanna Jacob, Michelle Peters
(&)
, and T. Andrew Yang
University of Houston Clear Lake, Houston, TX 77058, USA
petersm@uhcl.edu
Abstract. The need for cybersecurity professionals continues to grow and
education systems are responding in a variety of ways. This study focusses on
the interdisciplinarityof cybersecurity that contributes to the emerging dia-
logue on the direction, content and techniques involved in the growth and
development of cybersecurity education and training. The study also recognizes
the contributions of other disciplines to the eld of cybersecurity by the dis-
cussion of relevant theories that contribute to understanding security in the
context of legal, economics and criminology perspectives. Finally, quantitative
analysis (security metrics) is done to understand the existing knowledge of
security behaviors and beliefs among students from technical and non-technical
majors, helps measure the interest fostered towards an academic pathway in
cybersecurity and substantiates on the need for providing a level of cyber
education for all individuals appropriate to their role in the society.
Keywords: Interdisciplinary cybersecurity Cybersecurity Education
Cybersecurity Collaborative cybersecurity
1 Introduction
1.1 Background and Problem
The term cybersecurityhas been the highlight of academic literature for many years.
With a signicant rise in the proliferation of technology and the innovation that comes
along with it, cybercrime has equally penetrated all aspects of human endeavor. The
rising number of breaches and threats to personal, organizational and national safety
have led to an increased focus on the defensive measures. It has in fact become the
highest priority items on the global policy and national security agendas [1]. According
to Cyber Security Business report, Cyber Crime damage costs will hit $6 trillion
annually by 2021 [2]. In response, the Cybersecurity Policy Review [3] demands for a
national strategy to develop awareness and incorporate a cyber-secure workforce that is
adequate in expertise and skills to be cyber-ready against the potential threats faced by
the nation. There is a serious need for cybersecurity talent [1] to secure the infras-
tructure of federal and private entities against the growing cyber risks.
A 2017 survey by Statista reports [4] that the greatest cybersecurity problem of the
United States was hacking by foreign governments. The challenges posed by tech-
nology misuse and abuse are manifold and requires an equal contribution from
©Springer Nature Switzerland AG 2020
K.-K. R. Choo et al. (Eds.): NCS 2019, AISC 1055, pp. 6174, 2020.
https://doi.org/10.1007/978-3-030-31239-8_6
computer science and social science researchers to better understand the dynamics of
the attack and perpetrator, and to propose a feasible solution to combat it. To exemplify
this, consider phishing emails. Phishing emails can be blocked by email server software
based on rules and classication strategies that are congured on the server end.
However, it may still penetrate through to the end user. Potential recipients must be
able to identify and understand these phishing messages as a threat to reduce the
chances of being victimized. One needs to understand the behavioral and attitudinal
differences that led some to respond to fraudulent messages while some others do not.
On a much larger scale, it is important for organizations to understand the attack, the
attacker and the dynamics around them.
Holt [5] points out that it is critical to situate a cybercrime threat or vulnerability in
a multidisciplinary context. A holistic approach to cybersecurity is one that considers
the many disciplines that produce cybersecurity professionals technical and non-
technical alike, in a coherent fashion. Such an approach respects the relative contri-
butions of the different subelds and recognizes that, prospective cybersecurity pro-
fessionals must develop an expertise within their individual subeld while
simultaneously understanding how their work ts into rest of the eld.
However, such an approach to cybersecurity has been stove piped for decades in
the education system of the nation. For instance, the disciplines of computer science
and engineering are focused on developing algorithms and secure devices that support
sensitive systems, and data/information processing while information technology and
information assurance focus on better techniques, tools and process to protect infor-
mation from being misused. While there is a higher emphasis on understanding the
technical nature of the cyber environment, the networked systems, operating systems
and the security threats around them, there is little to no emphasis on the human actors
and their decision-making process that plays vital role in a cyber-attack being suc-
cessful [6]. Knowing this will allow institutions or organizations to tailor educational
programs accordingly.
1.2 Signicance
This study will signicantly recognize the contributions of other disciplines to the eld
of cybersecurity by the discussion of theories that contribute to the understanding
security in the context of legal, economics and managerial perspectives. A quantitative
analysis is done to understand the existing knowledge of security behaviors and beliefs
and measure the interest fostered towards an academic pathway in cybersecurity. The
results of the analysis will help to understand the demand and need for a collaborative
cybersecurity program in the Department of Computer Science.
2 Literature Review
The breathtaking pace of change in computing and technology and its widespread
adoption in virtually every human endeavor has led to the dawn of a never seen era of
Interdisciplinarity. Nearly all eld of human activity require an understanding and
application of that eld within the context of one or more other elds. As Way [7]
62 J. Jacob et al.
quotes it, Interdisciplinarity is the combining of two or more disciplines into a single,
cross-discipline learning experience. This section will highlight the importance of an
interdisciplinary education in cybersecurity followed by contributing theories from
disciplines as criminology, legal studies and economics and detail on the theoretical
framework which baselines the quantitative study.
2.1 Cybersecurity and Criminology
Thousands of Cyber-attacks are being launched against internet users across the world.
In fact, cyber-attacks have become arduously frequent and highly expensive to indi-
vidual users, businesses, organizations, economies and other infrastructural entities. In
2016, Symantec [8] discovered more than 430 million unique pieces of new malware,
91% of these were originated by employing phishing techniques.
It is globally realized that humans are the weakest link in cybersecurity. Most of the
system security organizations work on the premise that human factor is the weakest
link in cybersecurity. In fact, humans have moved ahead of machines as the top target
for cybercriminals. There were 3.8 billion internet users in 2017, up from 2 billion in
2015 [9]. According to Cybersecurity Ventures [10], there will be 6 billion internet
users by 2022 and more than 7.5 billion internet users by 2030. This vast increase in the
number of internet users raises concern in terms of vulnerabilities and emerging threats
by ideologically motivated offenders to cause harm and further their political and social
agendas.
However, a lack of empirical research on cyber-attackers limits our knowledge of
the factors that affect their behavior. As Sandeep [11] denotes, the interaction between
computers and humans is not a simple mechanism but is instead a complex interplay of
social, psychological, technical and environmental factors operating in a continuum of
organizational internality and externality. Within the eld of criminology, numerous
theories exist to elucidate why crime occurs, why certain people engage in deviant
behavior while others refrain from it and ways to help predict future crime behaviors
and practices [12]. This below section presents some of the theories in the light of
cybercrime as follows:
Akers Social Learning Theory. Precisely used to explain a diverse body of criminal
behaviors, this theory encompasses four fundamental avenues namely, differential
association, denitions, differential reinforcement, and imitation. The theory reinforces
the idea that individuals develop motivation and skills to commit crime by associating
themselves with those who are involved in crime (deviant peers). With respect to
cybercrime, research indicates that this theory can help elaborate the issues of software
piracy. Burruss et al. [13], found that individuals who associate with software piracy
peers learn and consequently follow the deviant conduct. Not only does the social
learning theory explain for software piracy but also posits to other cybercrimes because
of its ability to explain the rationalizations, skills and behavior that the criminals are
reinforced with through their association with, and observation of others [13]. Thus, the
main idea behind this theory is understanding the motives of delinquent peers and their
functions in the context of various cyber-crimes.
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process 63
Routine Activity Theory. Developed by Cohen and Felson, this theory posits that the
behavior of most victims is repetitive and predictable, and that the likelihood of vic-
timization is dependent on three important elements - motivated offenders, suitable
targets and the absence of capable guardians [14]. While the motivated offender is
someone willing to commit a crime if an opportunity presents itself, the target is the
one that the motivated offender values (e.g., credit card information) and the capable
guardian is a person or an entity that obstructs the offenders ability to acquire the
target.
Situational Crime Prevention Theory. The situational crime prevention theory is a
strategy that addresses specic crimes by manipulating the environment in a way that
increases the risk to the offender, while reducing the potential reward for committing
the crime [14]. Unlike other criminology theories, this theory does not postulate on
why the offender did the crime. Rather, it tends to focus more on the reducing the crime
opportunities. Hardening the targets of crime by encrypting sensitive information,
implementing access control mechanisms, securing off-site data and performing
background checks on employees and restricting unauthorized installations on com-
puters are some of the examples of this theory. Situational Crime Prevention Theory is
used to reduce cyber stalking and other online victimization crimes. Criminal behavior
cannot be explained by one theory but requires a conjunction of various theories to
recompense for what each individual theory failed to explain. However, while crimi-
nological theory in the physical realm enjoys a rich history with diverse contributions
and clear paradigm development and shifts, explanatory research and studies with
respect to digital and electronic crime and information security success remains rela-
tively undeveloped.
2.2 Cybersecurity and Economics
The economics of cybersecurity or cyber economicsas the newly evolved name, is
one of the thriving interdisciplinary facets of growing cyber security issues in the
United States. Conservatively, a total of 15 billion US dollars are spent every year by
organizations in the United States to secure their communication and information
systems [7]. Though the investments are higher, the economic impacts of cyber-attacks
and breaches have set to surpass the cost of investment by large. In 2009, the cost of
cyber-attacks was estimated by the then President of United States, Barack Obama, to
be 1 trillion dollars per year or translated as 6% of the Gross Domestic Product of the
United States [15]. However, the estimates have appeared to vary widely. In 2010,
internet crime cost totaled to 560 million USD, out of which Phishing, one of the top
social engineering attacks, accounted to 120 million dollar per quarter [7].
In order to effectively learn and understand the economically complex cyber-
attacks, it is important to understand the interconnections and complexities in our
economy that cyber attackers use to cause greater destruction. In lieu of this, the
following economical concepts are discussed as below,
Economic Redundancies. The rst feature of our economy that is crucial to cyberat-
tack consequences is the way systems can substitute for other systems. These redun-
dancies are usually the main factor limiting the consequences of a cyberattack. To deal
64 J. Jacob et al.
with redundancies, cyber attackers employ combinations of cyberattacks designed to
produce Intensier Effects. These are simultaneous attacks on different systems or
businesses that could otherwise serve as substitutes for each other. When several sys-
tems could serve as substitutes, a successful cyberattack on the rst of these systems will
generally have extremely limited consequences. Further successful attacks on those
systems that can substitute will produce only very small increases in destructiveness.
This continues until the capacity of the remaining systems is no longer enough to
allow them to take over for the systems that have been attacked. The consequences of
the cyberattacks will then go abruptly from being small to being huge. This has
important implications for the planning of almost any cyberattacks. In this regard,
Economic redundancies, and the potential for intensier Effects to overcome them, will
be a major consideration in choosing targets [15].
Economic Interdependencies. The second economic feature thats crucial to cyber-
attack consequences is the way production is organized into value chains. For instance,
one company might turn ore into metal. Another company will turn the metal into
mechanical parts. Another company will incorporate the mechanical parts into air-
planes. This interdependency is the basis for any kind of economic cooperation. But on
the other hand, these interdependencies provide enormous opportunities for cyber
attackers to nd ways to exploit. The reason is that mechanisms that companies employ
to coordinate their value chains can also be used to make compensating adjustments if
part of the value chain is disrupted [15]. The below owchart diagrams the economic
activities. The systems that make up the value chain are represented as channels that
ow into each other. To exploit such value-chain attacks, cyber attackers need to
employ a combination of cyber-attack to produce a Cascade Effect. By this mechanism,
a successful attack on one set of businesses will affect numerous other businesses up
and down the value chain [15].
Economic Near Monopolies. Businesses and enterprises that are monopolies in their
area of service are prone to a higher range of cyber-attacks. Because near monopolies
produce large inputs through limited means, they give attackers opportunities to pro-
duce limited effects with limited means. To take advantage of such monopolies, cyber
attackers employ combinations of attacks specically designed to produce Multiplier
effects. The sort of companies that could be attacked to produce Multiplier Effects
would make especially tempting targets, because they are small sized. And their
budgets for cybersecurity are small.
From the discussion of the above economic concepts, the structural analysis of an
economy is a powerful tool for cyber attackers and it eventually becomes a more
essential tool for cyber defenders [15]. An effective cyber defense program or training
cannot be satised with identifying a few individual cyber-attack scenarios. Taking
proper accountability of economics in security thinking requires an adjustment in out-
look. Economics is therefore a powerful analytical tool to defend against cyber activities.
2.3 Cybersecurity and Legal Studies
The need for a comprehensive approach to cyber security deriving from the architecture
of the internet and emerging cyber threats and incidents requires a systematic
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process 65
development, interpretation and application of legal areas and instruments. With
politically motivated cyber incidents on the rise, cyber security has grown into an
immediate area of concern for national governments and international organizations. In
this regard, an approach combining considerations of threat, deterrence and response
from different areas of authority and responsibility are signicant to cater to the
defensive actions against the attacks. This has led to the discussion of a coordinated
legal approach. From a legal perspective, this means that the national legal approaches
to data and consumer protection and due diligence will determine law enforcement and
national defense capabilities [16]. Understanding these legal policies in the light of
cybersecurity adds a holistic perspective to defending and responding to such attacks.
Some of the categories of legal studies in the light of cybersecurity have been briefed in
the following section.
Computer Crime Laws. These laws deal with a broad range of criminal offenses
committed using a computer or similar electronic device as identify thefts, online
stalking, bullying, sex crimes etc. This law typically includes procedural and legal
ramications for prohibition, investigation and prosecution of criminal activity [16]. Its
application extends to a wide range of elds as computer hacking, viruses, internet
gambling, encryption, online undercover operations, internet surveillance etc.
Information Privacy Laws. Information privacy laws includes the development of
constitutional, tort, contract, property, and statutory law to address emerging threats to
privacy. Laws under the information privacy law deal with privacy in the media, law
enforcement, and online transactions, medical and genetic privacy and for personal
privacy [16].
Homeland Security Law and Policy. These policies concern the Department of
Homeland Security and the adoption of the Homeland Security Act of 2002 [16]. The
laws under the Homeland Security dene legal responses and actions for protection of
critical infrastructure, information sharing, liability for terrorist attacks, risk insurance,
threats to electronic infrastructure and combating the nance of terrorism.
Counterterrorism Laws. These set of laws provide an analysis of legal mechanisms
in the elds of criminal, civil, military, immigration, and administrative law used by the
U.S. government to combat domestic and international terrorism. The laws also in
detail charts out the effectiveness of government actions and alternatives for achieving
public safety goals and the effect of such actions on U.S. citizens and citizens of other
countries.
Intelligence Laws. These set of laws identify and analyze current legal questions that
face intelligent practitioners. They also include constitutional, statutory and executive
authorities that govern the intelligence community. A comprehensive defense to cyber-
attacks includes a strong contribution from a legal perspective. Instead of addressing a
specic threat, cyber threats should be regarded as a spectrum where different stages
and effects of cyber incidents are aligned. Depending on the motivation, effects and
actors, a cyber-incident will be categorized as a breach of law short of cyber-crime,
crime, national security relevant incident or cyber warfare [16]. An interdisciplinary,
66 J. Jacob et al.
holistic education in Cybersecurity is borne out of understanding and applying these
laws in context to the security issues learnt.
2.4 A Multi-modular Approach to Interdisciplinary Education
in Cybersecurity
Based on the discussion of cyber related interdisciplinary theories in the above section,
the need for a comprehensive approach to cybersecurity is essential as it covers the
information society and the challenges tackled leading to a palliative understanding
rather than a stove piped approach [17].
In this regard, the newly developed model provides an opportunity to explore
technical and non-technical content in a four-year program by integrating disciplinary
and interdisciplinary electives at different levels. The model called as Multi-discipline,
Multi-level, Multi-thread modelallows potential candidates to specialize in subjects of
Cybersecurity along with
relevant interdisciplinary
subject matter. Figure 1
shows a diagrammatic rep-
resentation of the proposed
model. The model would
accommodate electives from
other disciplines that are rel-
evant to the Cyber domain.
The model works on a
top-down approach, allowing
different pedagogical meth-
ods to be employed in each
level of advancement.
Elaborating the model,
the following are taken into
consideration,
Cybersecurity for All. The
model is designed as a pro-
totype to foster an inclusive, interdisciplinary approach in Cybersecurity Education.
Although many four-year institutions have stringent requirements for general educa-
tion, the idea of putting cyber into general education courses applies to any college or
university. This approach that is named as Cybersecurity for allincludes an intro-
ductory cybersecurity course that envisions a taxonomy for cyber education across the
entire spectrum of curriculum, including non-technical, non-computing elds of study.
Cyber Modules. Cyber Modules will be the foundational element towards the
Cybersecurity for allframework. The modules can be incorporated into courses to
infuse knowledge about security measures and protocols. The modules are reusable,
interdisciplinary and can be aggregated as a unit (or thread) to be pluggable into
different disciplines, threads and electives. This will enable signicant addition of
cybersecurity into the core courses as well as in general education classes such as
Fig. 1. Multi-discipline, multi-level and multi-thread model
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process 67
International Relations, Legal Studies, Business Administration, Management, Psy-
chology etc.
Cyber Electives (Interdisciplinary). Cyber electives include a myriad of courses that
could be adopted into the curriculum to infuse a holistic education in Cybersecurity. In
addition to the electives offered in Computer Science or Information Technology, the
cyber electives contain interdisciplinary electives from across the spectrum of courses.
These courses will include electives from Legal Studies, Economics, Criminology,
Business and Psychology.
Cyber Majors. Cyber Majors includes majors such as Computer Science, Information
Technology, Software Engineering and Computer Information Systems that allow
students to select chosen sub-topics within their desired major. The majors must present
core cyber subjects across their curriculum. The major must be culminated by a
Capstone Project in the Cyber Domain that gives students, an exposure to implement
the knowledge gained through the coursework [18]. Other than the above elements, the
model also greatly motivates enrichment opportunities by fostering student research
groups, clubs and chapters of renowned cyber associations that is inclusive of all
majors.
3 Understanding Security Metrics to Gauge Need
for an Interdisciplinary Program in Cybersecurity
In the above section, we discussed the need for an interdisciplinary approach in
Cybersecurity Education. However, such an approach requires a careful understanding
and an abstraction of the dynamics of the security state of an organization. Security
attacks are emerging as commonplace events in academic, government, public and
private sectors. According to Ciscos Midyear Cybersecurity Report [18], Business
Email Compromise (BEC) has become a highly lucrative threat vector for attackers. U.
S. $5.3 billion was stolen due to BEC fraud between October 2013 and December 2016
while ransomware exploits cost US$1 billion in 2016.With emerging challenges and
threats, it becomes imperative for preparing the talent in the pipeline with the required
exposure in terms of training and skills.
Incorporating an interdisciplinary instructional design for students from technical
and non-technical majors depends greatly on understanding the perceptions of cyber-
security risks, vulnerabilities, and practices that students bring to the classroom. Stu-
dents are not categorized as clear slateswhen it comes to cybersecurity. Rather,
students carry an initial understanding of security practices and risks that have been
shaped through various means (e.g., social media, course offerings) and personal
experiences. The purpose of this study was to abstract the existing knowledge of
security, awareness of threats and vulnerabilities, and the interest fostered towards a
career path in cybersecurity education, and workforce across students from technical
and non-technical majors. This abstraction will help develop a deeper understanding
and guide the development of curriculum, tools, labs and aid in the decision-making
process of incorporating cyber awareness within the organization.
68 J. Jacob et al.
3.1 Case Site
A case study of the University of Houston Clear Lake (UHCL) was used for this paper.
The population consisted of undergraduate students from the College of Business,
College of Human Sciences and Humanities, and College of Science and Engineering at
UHCL; a Hispanic-serving institution (HIS) with a current enrollment of 8,677 students.
Table 1displays the student population of UHCL along with race/ethnicity and
classication of students according to degrees for the previous academic school year
(20172018).
3.2 Participant Demographics
From the above population, a purposeful sample of students across different majors
were selected to participate in the survey. Altogether, 228 students participated in the
survey. Table 2displays the participant demographics regarding gender, age, and
race/ethnicity that took the selected classes. nrepresents the frequency, i.e., the
number of students that fall in that particular category and %represents the per-
centage value for the same.
Most students were female comprising of 56.4% (n = 128). Male participants
comprised of 43.9% (n = 100) of the sample population. About age classication,
participants in the 1824 age group constituted the majority of all the respondents,
comprising of 66.7% (n = 152), followed by students in the 2534 category, com-
prising of 28.1% (n = 64) of the total sample. Regarding Ethnicity, most of the survey
respondents identied themselves as White or Caucasian, comprising of 36.9%
Table 1. Student population at University of Houston - Clear Lake
Students (n) Percentage (%)
Degree
Undergraduate 6,064 71
Graduate 2,478 29
Gender
Male 3,176 37.2
Female 5,366 62.8
Enrollment by College
College of Education 1,486 16.6
College of Business 2,564 30
College of Human Sciences and Humanities 2,228 26.1
College of Science and Engineering 2,219 26
Race/Ethnicity
White 3,228 37.8
Hispanic/Latino 2,776 32.5
Black 689 8.1
International 894 10.5
Other 955 11.1
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process 69
(n = 84). The Hispanic/Latino numbers were also close to that of White/Caucasian,
comprising of 36.9% (n = 86).
3.3 Materials, Methods and Procedure
For purposes of this study, a survey design was employed. A purposeful sample of
undergraduate students majoring in Economics, Computer Science, Information
Technology, Legal Studies, Management, and Criminology at UHCL were adminis-
tered the researcher-constructed Integrated Approach to Cybersecurity Education
Survey to assess student perceptions on security behavior and beliefs, and measure the
interest gathered towards an interdisciplinary approach. The data were analyzed using
descriptive statistics (frequencies, percentages), and a two-tailed paired samples t-test.
3.4 Findings and Discussion
Security Concern. In general, the perception of internet userssecurity and trust have
strong impact on carrying out their day to day activities on the internet. The results of
the analysis demonstrate that the usersperception generally meet the expectation of
their security concerns and lean towards the secure side.
Table 2. Overall participant demographics
Crim. CS Econ. IT Legal
Studies
Mgmt.
n% n% n% n% n% n%
Gender
Male 23 39.7 10 20.8 22 41.5 26 86.7 1 12.5 18 56.3
Female 35 60.3 37 77.1 31 58.5 4 13.3 7 87.5 14 43.8
Race
Asian 4 6.9 8 16.7 6 11.3 4 13.3 0 0 1 3.1
Black 3 5.2 5 10.4 6 11.3 0 0 0 0 3 9.4
Hispanic 24 41.4 18 37.5 15 28.3 8 26.7 7 87.5 12 37.5
Native Amer. 0 0 0 0 1 1.9 0 0 0 0 1 3.1
Other 0 0 2 4.2 0 0 0 0 0 0 0 0
2 or more 7 12.1 0 0 3 5.7 2 6.7 0 0 3 9.4
White 20 34.5 15 31.3 22 41.5 16 53.3 1 12.5 12 37.5
Age
1824 41 70.7 28 58.3 40 75.5 13 43.3 5 62.5 25 78.1
2534 13 22.4 17 35.4 9 17 15 50 3 37.5 7 21.9
3544 3 5.2 3 6.3 4 7.5 1 3.3 0 0 0 0
4554 1 1.7 0 0 0 0 1 3.3 0 0 0 0
5564 00 00 00 00 00 00
Note. Crim. = Criminology, CS = Computer Science, Econ. = Economics,
IT = Information Technology, Mgmt. = Management.
70 J. Jacob et al.
While only 9% of students from technical majors expressed their unconcern over their
security on the internet, more than 25% of students from the non-technical majors
expressed the same. From the data obtained, it is understood that students from tech-
nical majors were less unconcerned about their security on the internet than the students
from the non-technical majors.
It also helps understand that a relatively average number of students from the non-
technical majors could be susceptible to the attack of internet usage due to their
expressed unconcern (Fig. 2). This is also posited by Shropshire et al. [19], that there is a
strong connection between the intent to comply with security rules and the traits of
agreeableness and conscientiousness which means that accurate knowledge of security
concerns is inuenced by past experiences of making security decisions and executing
the same.
Protection from Viruses and Defensive Actions. The set of questions catered to
understand the perception of the respondents in terms of their security behaviors are of
concern in this section. This helped understand the types of security behaviors that
participants exhibited. The actions were clustered into two categories Behaviors that
place trust-in-software and behaviors that trust-in-self.
While respondents in the rst cluster agreed to have their anti-virus, rewall and
security products up to date, most of the students from the technical and the non-
technical majors claimed to do this to protect their devices against hackers. The second
cluster of behaviors place trust in themselves, about their restraint to accessing web-
sites, and carefulness to open email attachment or click on malicious downloads. 69.1%
of the students fell in this category. It is also of importance to note that the results of the
0
10
20
30
40
50
60
70
Computer Science
Criminology
Economics
InformaƟon
Technology
Legal Studies
Management
Sum of Not at all
Concerned
Sum of Very
Concerned
Fig. 2. An abstraction of security concerns from the survey
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process 71
two-tailed paired t-test indicated a statistically signicant mean difference from the pre-
and post-survey (p < .001); implying that the respondents perceptions about defensive
actions against viruses were changed following an intervention that was administered
as part of the survey. The intervention included a short lecture on Security Practices.
Password Practices. Passwords are a key part of many security technologies and they
are the most commonly used authentication method. For a password system to be
secure, users must make conscious decisions about what passwords to use and where to
re-use passwords.
From the results of the analysis, 33.3% of students from Criminology agree that they
would use the same passwords for all the websites for consistency and ease while 66.6%
of students in the Management class agreed to write down the passwords in some form,
so they can look it up. This exhibits a sheer contradiction to the best practice in the eld
that passwords must be long, random and unique to each account. In this regard, Das
et al. [20] estimated that 4351% of users re-use passwords across accounts and Ur
et al. [21] denotes that people re-use passwords because they have never personally
experienced negative consequences stemming from re-use. This sheds some serious
concern on incorporating and educating student of novel password practices.
3.5 Security Metrics Versus Awareness
Based on the ndings, there is a serious need to develop and implement a security
awareness program spanning technical and non-technical majors in the case site. There
has been an exponential increase in the usage of internet, particularly among millen-
nials and older generation. A fact sheet from the Pew Research Center [7] quotes that
Millennials have often led older Americans in their adoption and use of technology
and this largely holds true today. But there has also been a signicant growth in tech
adoption in recent years among older generations. This denotes how reliance on
internet usage in fullling personal and academic tasks demonstrates a paradigm shift.
However, this increasing global population is one of the main contributing factors to
changes in cyber threats.
In coping with the cyber threat landscape that has transitioned from the use of
savvy hacking skills to sophisticated and well-planned strategies, cybersecurity
awareness is deemed essential for internet users like youngsters as a counter-measure
strategy to combat silent privacy invasion.
Cybersecurity awareness is dened as a methodology to educate internet users to be
sensitive to the various cyber threats and the vulnerabilities of computers and data to
these threats. Shaw et al. [22]denes cybersecurity as, the degree of usersunder-
standing about the importance of information security, and their responsibilities to
exercise sufcient levels of information control to protect the organizations data and
networks. These denitions help imply two signicant things, alerting internet users of
cybersecurity issues and threats, and enhancing internet usersunderstanding of cyber
threats so they can be fully committed to embracing securing during internet use.
72 J. Jacob et al.
4 Conclusion
From the analysis of the data gathered, a signicant understanding of the security
culture among students from technical and non-technical majors are understood. This
understanding establishes the baseline state of security in an academic institution with
security policies but no security awareness programs in place. Also, the study greatly
emphasizes that the importance of awareness cannot be ignored if security is a goal.
The understanding of the human element assists in dening the security metrics and
awareness strategies of an organization. This in turn deepens the understanding of the
foundations required for the design and development of a cybersecurity awareness
program that enhances a security culture, reduces the lackadaisical attitude of end users
that cause them to be the weakest link in the security chain. Deployment of such a
program across diverse disciplines and majors helps educate students on how to
address specic threats and increases their resilience in defensive actions against them.
Acknowledgement. This research has been supported by the National Science Foundation
(under grant #1723596) and by the National Security Agency (under grant # H98230-17-1-0355).
References
1. Newsweek Educational Insight: the Cybersecurity Threat - Fighting Back, 9th May
2017/2018. http://www.newsweek.com/insights/leading-cybersecurity-programs-2017
2. Morgan, S.: Top 5 cybersecurity facts, gures and statistics for 2018, 5 May 2018. https://
www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-gures-and-statistics.
html
3. Donovan, B.C.S., Daniel, M., Scott, T.: Strengthening the federal cybersecurity workforce.
In: Strengthening the Federal Cybersecurity Workforce, ed: Obama White House (2016)
4. Statista. U.S. government and cyber crime - Statistics & Facts. https://www.statista.com/
topics/3387/us-government-and-cyber-crime/
5. Holt, T.J.: Cybercrime Through an Interdisciplinary Lens. Taylor & Francis, Milton Park
(2016)
6. Ramirez, R.B.: Making cyber security interdisciplinary: recommendations for a novel
curriculum and terminology harmonization. Massachusetts Institute of Technology (2017)
7. Way, T., Whidden, S.: A loosely-coupled approach to interdisciplinary computer science
education. In: Proceedings of the International Conference on Frontiers in Education:
Computer Science and Computer Engineering (FECS), p. 1. The Steering Committee of the
World Congress in Computer Science, Computer Engineering and Applied Computing
(WorldComp) (2014)
8. Symantec Enterprises, 2018 Internet Security Threat Report (2018). https://www.symantec.
com/security-center/threat-report
9. Tirumala, S.S., Sarrafzadeh, A., Pang, P.: A survey on Internet usage and cybersecurity
awareness in students. In: 2016 14th Annual Conference on Privacy, Security and Trust
(PST), pp. 223228. IEEE (2016)
10. Reid, G.: How Many Internet Users Will The World Have In 2022, And In 2030? (2018).
https://cybersecurityventures.com/how-many-internet-users-will-the-world-have-in-2022-and-
in-2030/
Interdisciplinary Cybersecurity: Rethinking the Approach and the Process 73
11. Mittal, S.: Understanding the human dimension of cyber security. Indian J. Criminol.
Criminalistics 34, 141152 (2016)
12. Jaishankar, K.: Establishing a theory of cyber crimes. Int. J. Cyber Criminol. 1(2), 79
(2007)
13. Holt, T.J., Burruss, G.W., Bossler, A.M.: Social learning and cyber-deviance: examining the
importance of a full social learning model in the virtual world. J. Crime Justice 33(2), 3161
(2010)
14. Pratt, T.C., Holtfreter, K., Reisig, M.D.: Routine online activity and internet fraud targeting:
extending the generality of routine activity theory. J. Res. Crime Delinquency 47(3), 267
296 (2010)
15. Borg, S.: Economically complex cyberattacks. IEEE Secur. Privacy 3(6), 6467 (2005)
16. Wilk, A.: Cyber security education and law. In: 2016 IEEE International Conference on
Software Science, Technology and Engineering (SWSTE), pp. 94103. IEEE (2016)
17. Jacobson, D., Rursch, J., Idziorek, J.: Security across the curriculum and beyond. In:
Proceedings of the 2012 IEEE Frontiers in Education Conference (FIE), pp. 16. IEEE
Computer Society (2012)
18. CISCO. Cisco 2017 Midyear Cybersecurity Report (2017). www.cisco.com/c/dam/global/
es_mx/solutions/security/pdf/cisco-2017-midyear-cybersecurity-report.pdf
19. Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password
reuse. In: 12 Proceedings of the 2014 Network and Distributed System Security Symposium
(NDSS) (2014)
20. Melicher, W., Ur, B., Segreti, S.M., Komanduri, S., Bauer, L., Christin, N., Cranor, L.F.:
Fast, lean and accurate: modeling password guessability using neural networks. In:
Proceedings of USENIX Security (2016)
21. Chen, C.C., Shaw, R., Yang, S.C.: Mitigating information security risks by increasing user
security awareness: a case study of an information security awareness system. Inf. Technol.
Learn. Perform. J. 24(1), 115 (2006)
22. Caulkins, B.D., Badillo-Urquiola, K., Bockelman, P., Leis, R.: Cyber workforce develop-
ment using a behavioral cybersecurity paradigm. In: International Conference on Cyber
Conict (CyCon U.S.), pp. 16 (2016)
23. National Initiative for Cybersecurity Careers and Studies. https://niccs.us-cert.gov/
24. Jacob, J., Wei, W., Sha, K., Davari, S., Yang, T.A.: Is the nice cybersecurity workforce
framework (NCWF) effective for a workforce comprised of interdisciplinary majors? In:
International Conference Scientic Computing, CSC 2018 (2018)
25. Ramirez, R., Choucri, N.: Improving interdisciplinary communication with standardized
cyber security terminology: a literature review. IEEE Access 4, 22162243 (2016)
26. Rege, A.: Multidisciplinary experiential learning for holistic cybersecurity education,
research and evaluation. In: USENIX Summit on Gaming, Games, and Gamication in
Security Education (3GSE 15) (2015)
27. Fink, A., Litwin, M.S.: How to Assess and Interpret Survey Psychometrics. Sage, Thousand
Oaks (2003)
28. Rahim, N.H.A., Hamid, S., Mat Kiah, M.L., Shamshirband, S., Furnell, S.: A systematic
review of approaches to assessing cybersecurity awareness. Kybernetes 44(4), 606622
(2015)
74 J. Jacob et al.
... This research does not deal with the basic link between digital legal education and comprehension by students of cyber security. Major three trends that can be noted with the existing literature are studies that underpin the efficacy of digital legal education without delving into the cyber-security dimensions in detail (Gulyamov et al., 2023;Jacob et al., 2020;Dawson, 2018;Bondarenko et al., 2022;Storr & McGrath, 2023;Karasheva et al., 2024). Second, studies that analyze the negative impacts arising from the lack of cybersecurity education within digital legal curricula include studies by Crabb et al. (2024) and Gulyamov et al. (2023). ...
... In this regard, the interdisciplinarity of the cybersecurity education field is important for achieving a proper level of cybersecurity education for all members of society according to their status and role. This underscores potential gaps in cybersecurity education, for which a more holistic and inclusive approach needs to be pursued (Jacob, Peters, & Yang, 2020). ...
... On this note, further exploring the nature of this research, it is clear that there is a primary intention on how technology will be capitalized on to advance legal education and improve awareness of cyber-security. The most commonly explored topics include the use of e-learning platforms, casebased digital learning methods, and the role of technology in enhancing legal and cybersecurity literacy (Jacob et al., 2020;Dawson, 2018). These findings indicate that practical, not just theoretical, digital tools are needed to be infused in the curriculum so that the students are better prepared in the wider and increasingly digital legal environment. ...
Article
Full-text available
This study analyzes current trends in the integration of digital technologies with legal education and their impact on cybersecurity awareness among students. Through a bibliometric approach, the research identifies challenges, opportunities, and future directions in digital legal education, emphasizing the importance of a holistic approach that encompasses technical, digital rights, and ethical dimensions. While technology is increasingly embedded in legal education, human-centeredness and ethical considerations remain underrepresented in cybersecurity curricula. The findings reveal that current cybersecurity education predominantly focuses on technical and legal aspects, thereby neglecting critical humanistic factors necessary for comprehensive training. This paper underscores the need for more interactive and innovative educational strategies, such as collaborative learning and virtual reality simulations, to bridge the skills gap and adequately prepare students for the digital challenges of the modern world. Future research should further explore these strategies to enhance the effectiveness of cybersecurity education within legal studies, equipping students to navigate the complexities of a digitally driven age.
... Researchers continue to encourage the interdisciplinary nature of cybersecurity [13], [14]. This is ultimately a call for the field to move away from the dominating technological focus to consider the inclusion of content associated with the various human dimensions connected to cybersecurity efforts [14]. ...
... Researchers continue to encourage the interdisciplinary nature of cybersecurity [13], [14]. This is ultimately a call for the field to move away from the dominating technological focus to consider the inclusion of content associated with the various human dimensions connected to cybersecurity efforts [14]. According to one cybercrime expert, "a holistic approach to cybersecurity is one that considers the many disciplines that produce cybersecurity professionalstechnical and nontechnical alike, in a coherent fashion" [62 : 14]. ...
... Two major implications follow the omission of courses on terrorism in NSA designated cybersecurity curriculum. For one, and in line with extant research, the goal for future cybersecurity programs should be to keep embracing interdisciplinary efforts [13], [14]. Given that current cybersecurity curriculums embrace particularly technologically focused strategies that lack a human-centered focus, cybersecurity programs should consider collaborations with disciplines such as criminal justice, political science, and sociology when designing learning initiatives that introduce students to topics related to the social processes concerned with terrorism. ...
Article
The National Security Agency (NSA) awards Center of Academic Excellence (CAE) designations to institutions that commit to producing cybersecurity professionals who will work in careers that reduce vulnerabilities in our national infrastructure. A review of the curricula in the 327 institutions and their degree programs reveal that only two programs offer a required course about terrorism. Given the fluid nature of terrorism and its threat to national infrastructure, the omission is concerning. It is recommended that NSA-certified cybersecurity programs begin implementing educational content that aim to teach about this emerging crime and justice issue. One suggestion is to embrace the interdisciplinary nature of cybersecurity, as exemplified in the success of the Cybersecurity Living and Learning Community (CLLC). Designing courses that educate about the social processes that leads to the growing problem of violence and terror directed towards marginalized communities and our nation's technological infrastructure, is another.
... In their work, Jacob, Peters, and Yang [7] discuss the need for a cybersecurity curriculum to include more than just computer science or engineeringbased scholars. From their perspective, the rapid growth of cybersecurity warrants a change to the present collegiate curriculum, specifically including other disciplines in that education. ...
... Jacob, Peters, and Yang [7] highlight three additional disciplines specifically that would aid in creating and maintaining a holistic perspective. They state that including the disciplines of criminology, legal studies or law, and economics would significantly enhance the learning, study, and practice of the field of cybersecurity. ...
Preprint
Full-text available
Classical cybersecurity is often perceived as a rigid science discipline filled with computer scientists and mathematicians. However, due to the rapid pace of technology development and integration, new criminal enterprises, new defense tactics, and the understanding of the human element, cybersecurity is quickly beginning to encompass more than just computers. Cybersecurity experts must broaden their perspectives beyond traditional disciplinary boundaries to provide the best protection possible. They must start to practice transdisciplinary cybersecurity. Taking influence from the Stakeholder Theory in business ethics, this paper presents a framework to encourage transdisciplinary thinking and assist experts in tackling the new challenges of the modern day. The framework uses the simple Think, Plan, Do approach to enable experts to develop their transdisciplinary thinking. The framework is intended to be used as an evaluation tool for existing cybersecurity practices or postures, as a development tool to engage with other disciplines to foster learning and create new methods, and as a guidance tool to encourage new ways of thinking about, perceiving, and executing cybersecurity practices. For each of those intended uses, a use case is presented as an example to showcase how the framework might be used. The ultimate goal of this paper is not the framework but transdisciplinary thinking. By using the tool presented here and developing their own transdisciplinary thinking, cybersecurity experts can be better prepared to face cybersecurity's unique and complex challenges.
... Cyber security is an interdisciplinary (e.g., [4]), or even multi-(e.g., [5]) or meta-disciplinary (e.g., [6]) field, as it covers security aspects in data, software, component, connection, system, and in human, organizational and societal context. While cyber security requires a solid foundation of technical (computing) skills, it also requires that cyber security professionals have broader knowledge, skills and abilities in other domains. ...
Conference Paper
Full-text available
Cyber security is becoming more complex due to the exponential growth of interconnected systems and the global threat landscape. To mitigate those risks, there is a need for a skilled cyber security workforce that can navigate the complex decision-making in rapidly evolving cyberspace. Artificial intelligence (AI) is rapidly adopted into cyber defence operations, but we can not effectively train human and AI-assisted cyber defence operators without understanding the underlying learning theory and ecosystems. Cyber security exercises (CSXs) are popular teaching methods for cyber-readiness. However, applying learning analytics (LA) methods and AI-based approaches to exercise design and implementation is still in the early stages. We propose a holistic human-AI interaction model within the LA and CSX context. The model brings together elements and processes of human-AI interactions, as well as cyber ranges, cyber security, and LA tools, and a wider lens of multimodal learning analytics, exercise life-cycle, and overall pedagogical approach. We also discuss the opportunities and challenges for LA and AI in the context of cyber security training. We analyse the role of AI from the learning, instruction, and administration lens in cyber security training, specifically in the exercises. We aim to stimulate further discussions on the future of human-AI collaboration and how to enhance cyber security training with novel LA and AI capabilities.
... This finding is consistent across gender, race, course delivery method and residence (see Table 3). The calls for interdisciplinary approaches to teaching cybersecurity are not new to the literature (Craigen et al., 2014;Jacob et al., 2020;LeClair et al., 2013;Payne et al., 2021). The responses of the STEM-students only confirm the need for interdisciplinarity as the field itself is international and complex, and its problems interconnected and related to both technical and social science skills. ...
Article
As the number of available cybersecurity jobs continues to grow, colleges strive to offer to their cybersecurity students an environment which will make them sufficiently prepared to enter the workforce after graduation. This paper explores the academic and professional needs of STEM-students in various higher education institutions across Virginia and how cybersecurity programs can cater to these needs. It also seeks to propose an evidence-based approach for improving the existing cybersecurity programs so that they can become more inclusive and student-ready. A survey of 251 college students in four higher-education institutions in Virginia showed that while there are common patterns observed across gender and race, there are still areas in which more should be done regarding some of these groups. In particular, some discrepancies are observed across gender when it comes to students’ preparation with business fundamentals, the overall satisfaction of the received STEM education, and across race and ethnicity, when it comes to college advising, peer-mentoring, tutoring and faculty mentoring. The results from this study inform specific recommendations that will bring higher-education institutions and their cybersecurity program to a more student-ready level.
... The continued digitization of society required a research approach with interdisciplinary foundations capable of integrating social sciences and information technology knowledge (Loader & Dutton, 2012). We can find examples of computer science and social sciences working together from ethnographic field study (Goulden et al., 2016) through cyber criminology (Lavorgna, 2021) to research on cybersecurity (Jacob et al., 2019). Computational Social Science and Social Computing came to scene as adequate fields of blending the knowledge of computer and social sciences. ...
Article
Full-text available
In the last decade, a transition in research design and methodology is identified in social research methodology; however, the high entry threshold (i.e., technical knowledge) to utilize computational methods and the ethical concerns seem to slow down the process. A possible way out is that social sciences collaborate with computational or data scientists in interdisciplinary research projects to rely on each other’s skills and to develop jointly accepted ethical principles. In this exploratory study, we collected data from researchers with a variety of academic backgrounds to find out their views of interdisciplinary projects and related methodological or ethical issues. Our findings derived from one-on-one interviews (n = 22) reinforce the importance of interdisciplinary collaboration and highlight the significance of “interpreters,” i.e., individuals able to communicate with and connect various areas of science, education, and academic institutions’ role in enhancing interdisciplinary collaborations of sciences. Additional concerns of participants emerged in terms of research methodology applied in the digital world (i.e., data validity, credibility and research ethics). Finally, participants identified open science and the transparency of research as the key to the future development of social sciences.
Chapter
This chapter delves into the historical development and transformative journey of cyber-intelligent markets since 1834. Employing a qualitative methodology and comprehensive literature review, the chapter traces the evolution from basic cybersecurity measures to advanced intelligence-driven ecosystems. Highlighted is the pivotal role of technological advancements in threat assessment and response, emphasizing the proactive, predictive capabilities enabled by sophisticated algorithms, AI, and machine learning. This research offers insights for cybersecurity professionals, business leaders, policymakers, and academics. Documented is the transition from reactive cybersecurity to dynamic, proactive strategies, underscoring the significance of continuous adaptation to evolving cyber threats. The chapter offers significant contribution to understanding the evolution and future trajectory of digital defense mechanisms in intelligent cybersecurity markets.
Article
Full-text available
Технология өнүккөн сайын кылмыш дүйнөсү да өсүүдө. Виртуалдык дүйнө азыр кылмышкерлер жана укук коргоо органдары үчүн жаңы күрөш майданы болуп калды. Санариптик криминология - бул киберкылмыштуулукту жасоо учурунда пайда болгон санариптик издерди табууга жана анализдөөгө багытталган тез өсүп жаткан тармак катары белгилүү. Бул обзордук макалада санариптик криминологияда “виртуалдык” дүйнөдө кылмыш процесстери учурунда түзүлгөн санариптик издерди аныктоо, талдоо жана чечмелөө үчүн колдонулган негизги түшүнүктөр жана ыкмалар жөнүндө жалпы маалымат берилет.
Chapter
Full-text available
As cybercrime is increasing day by day and taking a wild shape in society, even highly reputable and government organizations' software are not safe from those attacks. So, the findings of this study will contribute to finding the reasons for how cyber attacks take place and how harmful they can be. A systematic literature review (SLR) is used to discover the negative effects of cyber attacks on vendor organizations in context of software development and also to tell us how to deal with the negative consequences of these attacks. We have identified 13 critical challenges through the SLR. Because of these findings we will get to know about the real-world practices which can be used to solve and overcome the negative consequences of cyber attacks. This chapter will provide a roadmap to conduct the research. The development of a cyber security challenges model (CSCM) is the conclusive aim of this protocol.
Article
Full-text available
It is globally realized that humans are the weakest link in cyber security to the extent that the dictum 'users are the enemy' has been debated over about two decades to understand the behavior of the user while dealing with cyber security issues.Attempts have been made to identify the user behavior through various theories in criminology to understand the motive and opportunities available to the user while he interacts with the computer system. In this article, the available literature on interaction of user with the computer system has been analyzed and an integrated model for user behavior in information system security has been proposed by the author. This integrated model could be used to devise a strategy to improve user's behaviour by strengthening the factors that have a positive impact and reducing the factors that have a negative impact on information system security.
Thesis
Full-text available
Cyber security was historically a technical subfield of computer science. However, pervasive computing technology has recently made security a significant concern for management and policy. In this thesis, I review the academic literature of cyber security, and argue that security as a field comprises four different subdisciplines: policy, computer science, management, and social science. Furthermore, collaboration and communication between these fields is lacking, as evidenced by differing terminology between these fields and few interdisciplinary journal publications. The remainder of this thesis is devoted to answering the question “How can cyber security professionals, including academic researchers, better approach cyber security as an interdisciplinary field; and what are the benefits of doing so?” This thesis recommends two steps the cyber security community can take towards becoming more interdisciplinary: undergraduate multi-departmental education; and harmonizing terminology between subdisciplines. To the first step, I present a novel curriculum design: an interdisciplinary minor in cyber security, which would equip non-security professionals with basic knowledge of security, and equip security professionals with skills for approaching security with an interdisciplinary mindset. I create a balanced curriculum design based on the findings from my literature review regarding the four subdisciplines of security. MIT’s entire subject catalog was sourced for classes, to design a model curriculum. While this curriculum proposal was developed for MIT, the design is institution-agnostic, and I discuss how to apply it to other universities. Second, to facilitate cross-disciplinary communication, I recommend instituting change at the higher, professional level. To achieve this, I recommend authors harmonize their jargon usage. This change would improve idea flow between authors from different disciplines, who work towards potentially mutually beneficial solutions, but who write for separate audiences in their publications. To identify areas in need of harmonization, I first examine the extent of differences in keyword usage in articles from each the four security subdisciplines. I also analyze time-series trends of terminology usage in cyber security journal articles, and I develop a methodology for authors or standards bodies to use when deciding whether a word or phrase is appropriately interdisciplinary, or has been accepted by the general cyber security community.
Article
Full-text available
The growing demand for computer security, and the cyberization trend, are hallmarks of the 21st century. The rise in cyber-crime, digital currency, and e-governance has been well met by a corresponding recent jump in investment in new technology for securing computers around the globe. Business and government sectors have begun to focus effort on comprehensive cyber security solutions. With this effort has emerged a need for greater collaboration between research and industry fields. Despite much effort, there is still too little cross-disciplinary collaboration in the realm of computer security. This paper reviews the new trends, contributions, and identifiable limitations in cyber security research. We argue that these limitations are due largely to the lack of interdisciplinary cooperation required to address a problem that is clearly multifaceted. We then identify a need for further refinement of standard cyber security terminology to facilitate interdisciplinary cooperation, and propose guidelines for the global Internet multistakeholder community to consider when crafting such standards. We also assess the viability of some specific jargon, including whether cyber should be a separate word when used as a descriptor (e.g. cyber-crime or cybercrime), and conclude with recommendations for terminology use when writing papers on cyber security or the new broader field of all things relating to cyberspace, which has recently been dubbed Cybermatics, a term we also examine and propose alternatives to. By furthering the effort to standardize cyber security terminology, this paper lays groundwork for cross-disciplinary collaboration, interaction between technical and nontechnical stakeholders, and drafting of universal Internet governance laws.
Book
Research on cybercrime has been largely bifurcated, with social science and computer science researchers working with different research agendas. These fields have produced parallel scholarship to understand cybercrime offending and victimization, as well as techniques to harden systems from compromise and understand the tools used by cybercriminals. The literature developed from these two fields is diverse and informative, but until now there has been minimal interdisciplinary scholarship combining their insights in order to create a more informed and robust body of knowledge. This book offers an interdisciplinary approach to research on cybercrime and lays out frameworks for collaboration between the fields. Bringing together international experts, this book explores a range of issues from malicious software and hacking to victimization and fraud. This work also provides direction for policy changes to both cybersecurity and criminal justice practice based on the enhanced understanding of cybercrime that can be derived from integrated research from both the technical and social sciences. The authors demonstrate the breadth of contemporary scholarship as well as identifying key questions that could be addressed in the future or unique methods that could benefit the wider research community. This edited collection will be key reading for academics, researchers, and practitioners in both computer security and law enforcement. This book is also a comprehensive resource for postgraduate and advanced undergraduate students undertaking courses in social and technical studies.
Conference Paper
This poster presents the results of two full cycles of a novel approach to Computer Science education that simplifies many of the pedagogical, organizational and administrative challenges in reaching across disciplines. We introduce a parallel, conjoined approach to constructing interdisciplinary offerings between Computer Science and a wide variety of other disciplines in a loosely-coupled fashion. Cooperating courses run simultaneously in nearby classrooms and meet together to collaborate numerous times during a semester. We describe our approach, lessons learned, results of evaluations of the effectiveness of the approach, and ideas for replicating the approach in other disciplines and institutions.