SaTC EDU: Assessment Resources for Cybersecurity

In this Assessment Resources for Cybersecurity (ARC) project, DARK Enterprises Inc. will address the need for rigorous research on assessment by partnering with cybersecurity researchers, educators and assessment experts. Cybersecurity educators need high-quality assessment resources that can help them to make valid claims about student knowledge and guide student learning.

Cybersecurity educational researchers need high-quality assessment resources to conduct studies that advance improvements in teaching and student learning in cybersecurity. Finally, state departments of education need high-quality assessment resources that support educational pathways as they build their cybersecurity high school to college/career pathways.

The project team will leverage Evidence-Centered Design to create and pilot-test a bank of cybersecurity assessment items and share the findings broadly. The assessment resources will be based on the High School Cybersecurity Curriculum Guidelines, that are now being used as a resource for high school educators across the country in implementing cybersecurity courses and programs.

Assessments based on the guidelines will further support the advancement of cybersecurity pathways into dual/concurrent enrollment and placement credit opportunities.

The research team will be using Evidence-Centered Design to: 1) model how students represent knowledge and develop competence in a subject domain; 2) identify tasks or situations that allow observation of students’ performances; and 3) develop an interpretation model for drawing inferences from performance evidence. The Evidence-Centered Design methodology is rigorous, used for a broad range of assessment types, and is particularly relevant when developing innovative assessments of novel, hard-to-measure domains like cybersecurity.

Another strength of Evidence-Centered Design is its broad applicability through creating design patterns that lead to extensible development of assessment items and scoring rubrics. The outcomes of this project will include approximately 20 items for each of the following four Big Ideas in the High School Cybersecurity Curriculum Guidelines - Ubiquitous Connectivity, Data Security, System Security, and Adversarial Thinking.

Findings from this study and the resulting design patterns and bank of assessment items will be posted and shared publicly and freely via a K-12 cybersecurity education website, as well as academic journals and conferences.

This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.