CATS – Help Validate CCA

Please help us validate an assessment of cybersecurity knowledge.

We have developed the Cybersecurity Curriculum Assessment (CCA) to measure the understanding of cybersecurity concepts of students who are nearing completion of a program focused on cybersecurity.  The CCA is a multiple-choice instrument and typically takes up to two hours to complete. We suggest that students who take the assessment receive extra credit.


Validating an assessment requires having a large number of students take the test. It would help the project immensely if you could encourage your students.  We would like to collect all data by May 15, 2022.


Upon submission of the CCA, each student will see a report of their performance.  All performance data and demographic information will be kept confidential and anonymous. In particular, we will not release performance data by school.

Instructions for students to for taking the CCA:

Frequently Asked Questions:

The CCA is for students who are about to complete any degree, track, certificate, or program in cybersecurity (especially in computer science or related fields), or who have recently done so.

The Cybersecurity Concept Inventory (CCI) is for students about to complete any first course in cybersecurity, or who have recently done so.  The CCA and the CCI target the same five core concepts of cybersecurity, but the CCA assumes greater technical knowledge.

The immediate research goal is to validate the CCA using expert review and psychometric testing, as we did for the CCI [2].

Students will take the CCA online on the web-based PrairieLearn system developed at the University of Illinois. URL to instructions:

Thank you for your support of this project.

The Cybersecurity Assessment Tools (CATS) project [1] is a collaboration of Drs. Alan T. Sherman ( and Linda Oliva of The University of Maryland, Baltimore County (UMBC), Dr. Geoffrey Herman of The University of Illinois, and Dr. Peter Peterson of the University of Minnesota Duluth.  UMBC’s IRB approved the research protocols.

[1] Sherman, Alan T., Geoffrey L. Herman, Linda Oliva, Peter A. H. Peterson, Enis Golaszewski, Seth Poulsen, Travis Scheponik, and Akshita Gorti, “Experiences and lessons learned creating and validating concept inventories for cybersecurity’” in National Cyber Summit (NCS) Research Track 2020, invited paper,  Kim-Kwang Raymond Choo et al., Eds., Advances in Intelligent Systems and Computing, Vol. 1271, Springer (2020), 3-34.


[2] Poulson, Seth, Geoffrey Herman, Peter A. H. Peterson, Linda Oliva, Enis Golaszewski, Akshita Gorti, Travis Scheponik, Alan T. Sherman, “Psychometric Evaluation of the Cybersecurity Concept Inventory,” ACM Transactions on Computing Education (TCE), Vol. 22, No. 1 (2021), 1-18.

Support was provided in part by NSF (SFS 1241576 and DGE 1820531) and DoD (H98230-17-1-0349 and H98230-17-1-0347) to create concept inventories related to cybersecurity, with the ultimate goal of using them to compare different cybersecurity pedagogies.