Characterizing Cybersecurity Awareness Among Brazilian Computer Science Higher Education Students
Abstract
This study examines the cybersecurity awareness of Brazilian students at various academic levels, focusing on their understanding of fundamental concepts such as common threats, security controls, and risk-related scenarios. We conducted a survey with 199 participants, including 155 undergraduates and 44 graduates, and evaluated their performance based on three levels of exposure to cybersecurity education: no prior exposure (n=36), one source of exposure (n=81), and two or more sources (n=82). The results reveal a significant correlation between exposure to cybersecurity education and improved performance. The mean percentage of correct answers increased from 72.11% for those with no exposure to 79.35% for those with one source and reached 85.07% for those with two or more sources. Furthermore, students consistently underestimated their knowledge on the topic, although this perception gap diminished with increased exposure. These findings highlight the need for incorporating comprehensive cybersecurity into Information Technology (IT) curricula to enhance awareness and reduce risks associated with professional negligence, particularly among future IT practitioners in Brazil.References
Carvalho, E., Reis, T., and Alves, F. (2017). Ensino de noções básicas de segurança da informação nas escolas brasileiras. In Anais do XXIII Workshop de Informática na Escola, pages 765–774, Porto Alegre, RS, Brasil. SBC.
CERT Insider Threat Team (2013). Unintentional insider threats: A foundational study. Technical Note CMU/SEI-2013-TN-022, Carnegie Mellon University, Pittsburgh. Available online.
Chothia, T. and Novakovic, C. (2015). An offline capture the flag-style virtual machine and an assessment of its value for cybersecurity education. In 3GSE15 Summit Program, USENIX Conference. Accessed: March 24, 2025.
Ernits, M. and Kikkas, K. (2016). A live virtual simulator for teaching cybersecurity to information technology students. In Zaphiris, P. and Ioannou, A., editors, Learning and Collaboration Technologies, pages 474–486, Cham. Springer International Publishing.
Ghazi, A. N., Petersen, K., Reddy, S. S. V. R., and Nekkanti, H. (2019). Survey research in software engineering: Problems and mitigation strategies. IEEE Access, 7:24703–24718.
Henklain, M., Lobo, F., Feitosa, E., Cavalcante, L., Alencar, J., Bríglia, V., Araújo, G., and Alves, G. (2024). Caracterização de conhecimentos e comportamentos de cibersegurança: Estudo exploratório com dados predominantes do extremo norte brasileiro. In Anais do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 76–91, Porto Alegre, RS, Brasil. SBC.
National Institute of Standards and Technology (NIST) (2023). Special publication 800-50 revision 1: Building an information technology security awareness and training program. Technical report, NIST. Accessed: March 24, 2025.
Randel, J., Serrão, J., Romão, H., Lobo, F., Henklain, M., and Feitosa, E. (2024). Caracterização de senhas utilizadas pela comunidade universitária como ponto de partida para o desenvolvimento de capacitação em cibersegurança. In Anais do XXXII Workshop sobre Educação em Computação, pages 680–691, Porto Alegre, RS, Brasil. SBC.
ReliaQuest (2025). Reliaquest annual cyber-threat report 2025. Technical report, ReliaQuest. Accessed: March 24, 2025.
Sangwan, A. (2024). Human factors in cybersecurity awareness. In 2024 International Conference on Intelligent Systems for Cybersecurity (ISCS), pages 1–7.
Shull, F., Singer, J., and Sjøberg, D. I. (2008). Guide to advanced empirical software engineering, volume 93. Springer.
Szumski, O. (2018). Cybersecurity best practices among polish students. Procedia Computer Science, 126:1271–1280. Knowledge-Based and Intelligent Information & Engineering Systems: Proceedings of the 22nd International Conference, KES-2018, Belgrade, Serbia.
Triplett, W. J. (2022). Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy, 2(3):573–586.
Witsenboer, J. W. A., Sijtsma, K., and Scheele, F. (2022). Measuring cyber secure behavior of elementary and high school students in the netherlands. Computers & Education, 186:104536.
Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Crown Publishers, a division of Random House LLC, New York.
Zwilling, M., Klien, G., Lesjak, D., Łukasz Wiechetek, Cetin, F., and and, H. N. B. (2022). Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems, 62(1):82–97.
CERT Insider Threat Team (2013). Unintentional insider threats: A foundational study. Technical Note CMU/SEI-2013-TN-022, Carnegie Mellon University, Pittsburgh. Available online.
Chothia, T. and Novakovic, C. (2015). An offline capture the flag-style virtual machine and an assessment of its value for cybersecurity education. In 3GSE15 Summit Program, USENIX Conference. Accessed: March 24, 2025.
Ernits, M. and Kikkas, K. (2016). A live virtual simulator for teaching cybersecurity to information technology students. In Zaphiris, P. and Ioannou, A., editors, Learning and Collaboration Technologies, pages 474–486, Cham. Springer International Publishing.
Ghazi, A. N., Petersen, K., Reddy, S. S. V. R., and Nekkanti, H. (2019). Survey research in software engineering: Problems and mitigation strategies. IEEE Access, 7:24703–24718.
Henklain, M., Lobo, F., Feitosa, E., Cavalcante, L., Alencar, J., Bríglia, V., Araújo, G., and Alves, G. (2024). Caracterização de conhecimentos e comportamentos de cibersegurança: Estudo exploratório com dados predominantes do extremo norte brasileiro. In Anais do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 76–91, Porto Alegre, RS, Brasil. SBC.
National Institute of Standards and Technology (NIST) (2023). Special publication 800-50 revision 1: Building an information technology security awareness and training program. Technical report, NIST. Accessed: March 24, 2025.
Randel, J., Serrão, J., Romão, H., Lobo, F., Henklain, M., and Feitosa, E. (2024). Caracterização de senhas utilizadas pela comunidade universitária como ponto de partida para o desenvolvimento de capacitação em cibersegurança. In Anais do XXXII Workshop sobre Educação em Computação, pages 680–691, Porto Alegre, RS, Brasil. SBC.
ReliaQuest (2025). Reliaquest annual cyber-threat report 2025. Technical report, ReliaQuest. Accessed: March 24, 2025.
Sangwan, A. (2024). Human factors in cybersecurity awareness. In 2024 International Conference on Intelligent Systems for Cybersecurity (ISCS), pages 1–7.
Shull, F., Singer, J., and Sjøberg, D. I. (2008). Guide to advanced empirical software engineering, volume 93. Springer.
Szumski, O. (2018). Cybersecurity best practices among polish students. Procedia Computer Science, 126:1271–1280. Knowledge-Based and Intelligent Information & Engineering Systems: Proceedings of the 22nd International Conference, KES-2018, Belgrade, Serbia.
Triplett, W. J. (2022). Addressing human factors in cybersecurity leadership. Journal of Cybersecurity and Privacy, 2(3):573–586.
Witsenboer, J. W. A., Sijtsma, K., and Scheele, F. (2022). Measuring cyber secure behavior of elementary and high school students in the netherlands. Computers & Education, 186:104536.
Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Crown Publishers, a division of Random House LLC, New York.
Zwilling, M., Klien, G., Lesjak, D., Łukasz Wiechetek, Cetin, F., and and, H. N. B. (2022). Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems, 62(1):82–97.
Published
2025-07-20
How to Cite
FERREIRA, Vinícius E.; OLIVEIRAJR, Edson; ZARPELÃO, Bruno B.; ZORZO, Avelino F..
Characterizing Cybersecurity Awareness Among Brazilian Computer Science Higher Education Students. In: WORKSHOP ON COMPUTING EDUCATION (WEI), 33. , 2025, Maceió/AL.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 63-74.
ISSN 2595-6175.
DOI: https://doi.org/10.5753/wei.2025.7124.
