Date of Award


Document Type


Degree Name

Master of Science in Information Systems and Technology


Information and Decision Sciences

First Reader/Committee Chair

Butler, William


Ninety seven percent (97%) of people between the ages of 3 and 18 are found to be users of technology and internet services daily. This number also correlates with rising cyber crime rates against people in this age bracket. It is found that people between 3 and 18 years old are found to be technologically savvy but often lack the knowledge of how to protect themselves in online environments. Researchers have suggested that cybersecurity awareness training is an effective method at combating common forms of cyberattack such as social engineering. Social engineering attacks are found to make up 98% of successful cyberattacks and it is crucial that users of these internet and technology services are knowledgeable in protecting themselves.

Cybersecurity education materials are commonly found in enterprise and higher education environments, but there is a gap of available research that evaluates the effectiveness of this education in the K-12 environment. Therefore, this project evaluates the following research questions to help address the gap: (Q1) What affective methods to educate children and teenagers on cybersecurity concepts? (Q2) What are best practices for topic selection when it comes to cybersecurity education in the 3–18-year age range? (Q3) What are unique challenges that may be encountered when implementing this type of education nationwide? The research will discover the answers for the proposed research questions by analyzing existing literature and reviewing case studies of successful cybersecurity education in K-12 schools.

The selected case studies went through an inclusion and exclusion criteria which required the following items to be present: publishing by a reputable journal or conference, contain empirical data in form of pre and post assessment, why the method of teaching was selected, and explain limitations. The findings and conclusions from the case studies are: (Q1) Students are receptive to learning cybersecurity principles via multiple teaching styles. The case studies displayed self-guided, collaborative, and traditional instruction methods and students were shown to improve greatly in post assessment results. (Q2) Best practices for selecting topics in the case studies was to utilize age-appropriate cybersecurity educational materials published by government agencies. A finding from this is that these materials are not readily available for educators and must be sought out as they are considered optional items. (Q3) Scaling of these type of cybersecurity workshops is difficult due to resource constraints faced by many schools found in lower income and rural districts. The availability of cybersecurity professionals and university campus’s willingness to host these camps is scarce and leaves this type of experience out of reach for many students. Areas of further study are researching methods on how to effectively scale this sort of education by utilizing a remote learning model and the creation of a standardized age-appropriate curriculum.