The Assessment done for Security Injections project indicated that there is a significant increase in students’ awareness about security and their ability to apply security principles increased after they were exposed to Security Injection modules.
Please find comprehensive assessment results in our publications page.
Primary goals of the project assessments were
- To assess increasing students’ security awareness.
- To assess improving students’ ability to apply security principles.
- To assess increasing faculty security awareness.
- To assess increasing number of security skilled students.
The instruments used for assessment were
- Students and faculty surveys
- Random sampling of assignments
- Qualitative inputs from faculty
- Controlled experiments in class rooms
- Institutional quantitative data
Assessment Design for students’ security awareness
The classes were divided into two groups-integrated sections and control sections. Integrated-sections referred the classes that use security injections and control-sections referred to classes that do not use injections. In both groups, students were administered a pre-survey (at the beginning of the class) and a post survey (at the end of the class).The survey instruments were designed carefully to assess the general security awareness and secure coding principles students gain from injections.
The student surveys contained demographic questions and two sets of multiple choice questions –one section targeted general security awareness and other focused on specific knowledge gained through injections. The general security awareness questions in the computer literacy and programming classes were the same, while questions specific to security injections were different in computer literacy and CS0, CS1 & CS2.
Assessment Results for students’ security awareness
The results for CS0, CS1 and CS2 sections that used security injections modules across 5 institutions which included 1,026 survey responses and more than 40 sections. The results indicated a significant increase in across core courses CS0 and CS1 but not in CS2 which could be because of topic fatigue in CS2.
The bar graph above depicts that students’ security awareness across all courses has increased by 11.03 percent after exposing them to security injection modules. Individually for courses CS0 and CS1 the students’ security awareness has increased by 19.54 percent and 9.51 percent respectively.
The results for computer literacy course based on 300 survey responses across 4 institutions indicate that there is significant increase of 17.37 percent from pre to post in integrated sections.
The Assessment for students’ ability to apply security principles was performed. This was done by grouping the students among integrated section and control section under the same instructor for CS0 course. Pre-surveys and post-surveys were administered in both sections. In addition to that a more stringent ‘code-check’ was given at the end.
The results indicated that both the sections had higher scores in the post survey but there was an increase of 40.61 percent in the scores on integrated sections which was significantly higher than the control section.