A. O. Affia, Alexander Nolte, Raimundas Matulevičius
{"title":"IoT Security Risk Management: A Framework and Teaching Approach","authors":"A. O. Affia, Alexander Nolte, Raimundas Matulevičius","doi":"10.15388/infedu.2023.30","DOIUrl":null,"url":null,"abstract":"While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture – building blocks of the system – are not adequately considered for analysis. Also, security risk management includes complex tasks requiring appropriate training and teaching methods to be applied effectively. To address these points, we first proposed a security risk management framework that captures the IoT architecture perspective as an input to further security risk management activities. We then proposed a hackathon learning model as a practical approach to teach hackathon participants to apply the IoT security risk management framework. To evaluate the benefits of the framework and the hackathon learning model, we conducted an action research study that integrated the hackathon learning model into a cybersecurity course, where students learn how to apply the framework. Our findings show that the IoT-ARM framework was beneficial in guiding students towards IoT security risk management and producing repeatable outcomes. Additionally, the study demonstrated the applicability of the hackathon model and its interventions in supporting the learning of IoT security risk management and applying the proposed framework to real-world scenarios.","PeriodicalId":45270,"journal":{"name":"Informatics in Education","volume":"91 1","pages":""},"PeriodicalIF":2.1000,"publicationDate":"2023-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Informatics in Education","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15388/infedu.2023.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"EDUCATION & EDUCATIONAL RESEARCH","Score":null,"Total":0}
引用次数: 1
Abstract
While Internet of Things (IoT) devices have increased in popularity and usage, their users have become more susceptible to cyber-attacks, thus emphasizing the need to manage the resulting security risks. However, existing works reveal research gaps in IoT security risk management frameworks where the IoT architecture – building blocks of the system – are not adequately considered for analysis. Also, security risk management includes complex tasks requiring appropriate training and teaching methods to be applied effectively. To address these points, we first proposed a security risk management framework that captures the IoT architecture perspective as an input to further security risk management activities. We then proposed a hackathon learning model as a practical approach to teach hackathon participants to apply the IoT security risk management framework. To evaluate the benefits of the framework and the hackathon learning model, we conducted an action research study that integrated the hackathon learning model into a cybersecurity course, where students learn how to apply the framework. Our findings show that the IoT-ARM framework was beneficial in guiding students towards IoT security risk management and producing repeatable outcomes. Additionally, the study demonstrated the applicability of the hackathon model and its interventions in supporting the learning of IoT security risk management and applying the proposed framework to real-world scenarios.
期刊介绍:
INFORMATICS IN EDUCATION publishes original articles about theoretical, experimental and methodological studies in the fields of informatics (computer science) education and educational applications of information technology, ranging from primary to tertiary education. Multidisciplinary research studies that enhance our understanding of how theoretical and technological innovations translate into educational practice are most welcome. We are particularly interested in work at boundaries, both the boundaries of informatics and of education. The topics covered by INFORMATICS IN EDUCATION will range across diverse aspects of informatics (computer science) education research including: empirical studies, including composing different approaches to teach various subjects, studying availability of various concepts at a given age, measuring knowledge transfer and skills developed, addressing gender issues, etc. statistical research on big data related to informatics (computer science) activities including e.g. research on assessment, online teaching, competitions, etc. educational engineering focusing mainly on developing high quality original teaching sequences of different informatics (computer science) topics that offer new, successful ways for knowledge transfer and development of computational thinking machine learning of student''s behavior including the use of information technology to observe students in the learning process and discovering clusters of their working design and evaluation of educational tools that apply information technology in novel ways.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
