Master of Science, University of Toledo, 2020, Engineering (Computer Science)

This thesis titled "Practice-Oriented Cybersecurity Training Framework" offers training applications that will be used as a pedagogy improving tool in the field of cybersecurity education. We believe involving students in active learning by including hands-on intuitive activities to be highly effective in the field of cybersecurity education. The Practice-Oriented training framework contains three malicious android applications namely Email-Lite-Scare, Shop-Shock-Struck and Play- Read-Disrupt that have been developed. The malicious applications are pretend malware that portray the signature behaviors of scareware, ransomware and privacy extortion respectively. To involve students and also to establish an active-learning environment an android application is provided to students as self-exploratory cybersecurity exercise. Psychological learning is emphasized in this approach by exercising the application extensively. Through this we aim to make them cyber aware to recognize new threats and respond to mitigate them. The primary focus of this study is on finding innovative and productive ways to expose high school students to cybersecurity. With advances in technology and the growth in the use of the internet through mobile devices, cybercrime has led to greater exposure for organizations and individuals. Teenagers are easy targets of these cybercrimes, as educating students on current cyber-attacks is seen as a powerful tool to teach cybersecurity, there is a need to educate them on cybersecurity trends. Practice-Oriented cybersecurity training framework is a tool to bridge the skill-gap. The underlying goals also include to develop a security mindset, spread awareness on threats associated with smartphone/tablet usage, and to inculcate interest in cybersecurity careers among high school students. This work contributes to "InviteCyber" project for high school students.

Committee: Ahmad Y Javaid (Committee Chair); Devinder Kaur (Committee Member); Weiqing Sun (Committee Member) Subjects: Academic Guidance Counseling; Computer Engineering; Computer Science; Curriculum Development; Education

Master of Science, University of Toledo, 2020, Engineering (Computer Science)

Technology developments and the growth in the use of the Internet through mobile devices have contributed to greater visibility of cybercrime by organizations and individuals. As teens are easy targets of these cybercrimes, they need to be trained on developments in cybersecurity as educating students on current cyber attacks is seen as a powerful tool to teach cybersecurity. This work presents a pedagogical strategy to train students to recognise and respond to potential attacks to alleviate them. This is achieved by cybersecurity activities based on observational, experiential, and real-life practice. Two malicious phishing android applications have been developed, namely Social-Phish, Chat-Phish, and one focusing on cyber-secure practices, namely Quiz Your Permissions. By thoroughly exercising the application, psychological learning is emphasized in this approach. The underlying objectives of this research are to establish a security mindset, to raise awareness of threats associated with the use of smartphones and tablets, and to instill interest among high school students in cybersecurity careers.

Committee: Ahmad Y Javaid (Committee Chair); Devinder Kaur (Committee Member); Weiqing Sun (Committee Member) Subjects: Computer Engineering; Curriculum Development; Education