C3 Framework

C3 Framework

The C3 Framework is a theoretical framework that was developed by Davina Pruitt-Mentle of Educational Technology Policy, Research and Outreach with funding from iKeepSafe and is used to inform a national, regional, or local agenda, policy, and curricula -- With its overlapping rings of Cyberethics, Cybersafety, and Cybersecurity the framework indicates that the subject areas have common ground, but have significant content that is distinct and must be discussed on an individual basis.

C3 Framework: Background

Promoting socially and ethically responsible use of technology is not a new phenomenon in education. Promoting responsible use has and continues to be acclaimed by many as a strategy under several brands to include digital citizenship , cyberawareness , and cybercitizenship . Many educational entities tend to pick and choose which C3 topics to teach, and often only talk AbOUT Cyberethics (e.g. plagiarism or cyberbullying). As revealed through survey findings, Cybersafety and Cybersecurity are virtually ignored in the educational setting, with the possible exception of a narrow focus on predators. Teaching to a C3 framework, where Cyberethics, Cybersafety, and Cybersecurity are taught as a whole, yet each having a unique focus, spotlighting the importance of each component, provides the opportunity for more complete coverage. Although clearly there is subject overlap, a separate focus gives rise to better appreciation of the appropriate uses of technology and does not negate the issues into one cloud labeled “Internet safety.” By detailing particular elements under each domain, organizations can better design and address critical content. Teaching them as one, through branding such as digital citizenship or Internet safety curriculum makes it far too easy to check off the topic as “covered,” while only scratching the surface of individual domains. The presence of a policy framework can strengthen the already positive directions of Internet safety providers and state attorney general offices. Adopting a policy framework adds potential to broaden the impact on students, teachers, and parents in addressing ALL areas determined by government, business and industry, health agencies, and education to be of increasing importance. This model was originally conceived in 2000, and has become increasingly embraced and is the framework being adopted by the National Cyber Security Alliance , and several Internet safety providers and state educational agencies to guide the design of their policies, recommendations.

Elements of the C3 Framework: Cyberethics, Cybersafety, and Cybersecurity

The C3 content cannot be stagnant. Technologies are dynamic and ever changing. For example, cyberethical issues are experiencing vast transformation as a result of factors driven by the multimedia aspects of cell phones and the vast reservoir of information on the Internet.

Cyberethics

Cyberethics is the discipline dealing with what is good and bad, and with moral duty and obligation as they pertain to online environments and digital media.Topics that might be included under this tenet are:

::*Plagiarism

::*Copyright

::*Hacking

::*Fair use

::*File sharing

::*Netiquette

::*Posting incorrect/inaccurate information

::*Cyberbullying

::*Stealing or pirating software, music, and videos

::*Online gambling

::*Gaming

::*Internet addiction

Cybersafety

Cybersafety addresses the ability to act in a safe and responsible manner on the Internet and in online environments. These behaviors can protect personal information and one’s reputation, and include safe practices to minimize danger— from behavioral-based rather than hardware/software-based problems. Topics that might be included under this tenet are:

:*Online predator

:*Objectionable content

:*Cyberstalking

:*Online Harassment

:*Pedophiles

:*Hate group

:*[...]

:*Unwanted communications

:*Online threats

Cybersecurity

Cybersecurity is defined by the HR 4246, Cyber Security Information Act (2000), as "the vulnerability of any computing system, software program, or critical infrastructure to, or their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the Internet, public or private telecommunications systems, or other similar conduct that violates Federal, State, or international law, that harms interstate commerce of the US, or that threatens public health or safety.” Cybersecurity is defined to cover physical protection (both hardware and software) of personal information and technology resources from unauthorized access gained via technological means. In contrast, most of the issues covered in Cybersafety are steps that one can take to avoid revealing information by “social” means. Topics that might be included under this tenet are:

:*Hoaxes

:*Viruses and other malicious self-replicating code

:*E-mail spoofing

:*Chain letter

:*Ponzi scheme

:*Get-rich-quick scheme

:*Scams

:*Criminal hacker

:*Hacktivism

:*Spyware

:*Adware

:*Malware

:*Trojan horse (computing)

:*Phishing

:*Pharming scams

:*Identity theft

:*Spoofing attack

:*Privacy

Research supporting the C3 framework

2008 National Cyberethics, Cybersafety and Cyber Security Baseline Study

Using this framework, a survey was conducted, in 2008, to explore the nature of Cyberethics, Cybersafety, and Cybersecurity (C3) educational awareness policies, initiatives, curriculum, and practices currently taking place in the U.S. public and private K-12 educational settings. Known as the 2008 National C3 Baseline Study, it establishes baseline data on C3 awareness, which can be used for program design and as a foundation for future studies on either expanding particular subject areas or examining progress. Schools tend to pick and choose which C3 topics to teach, and often only talk about Cyberethics (e.g. plagiarism or cyberbullying). As revealed through survey findings, Cybersafety and Cybersecurity are virtually ignored in the educational setting, with the possible exception of a narrow focus on predators. Teaching to a C3 framework, where Cyberethics, Cybersafety, and Cybersecurity are taught as a whole, yet spotlighting each component’s importance, provides the opportunity for more complete coverage. A separate focus gives rise to better appreciation of the appropriate uses of technology and does not lump the issues under a vague heading of Internet safety. By spelling out particular elements under each domain, educational institutions can better design and address critical content. Teaching the topics as one, through branding such as digital citizenship or cyberawareness makes it far too easy to check off the topic as “covered,” while only scratching the surface of individual domains.

Research into Action

Reinterpretation of Technology Standards

Standards for both students and educators set expectations. Several standards have been updated recently to include C3 content, such as the International Society for Technology in Education (NETS standards for students teachers and administrators). Standards are a good starting point for most subject areas, but the pace of change of technology creates a difficult challenge: how to keep standards up to date. Many technology standards were finalized several years ago before the advent of such issues as cyberbullying through text messages, test sharing through cell phone cameras, and identify theft through social networking sites. While standards are often broad-based to allow flexibility for evolving concerns, they need to be interpreted beyond the broad-stroke basics to make an impact. Perhaps the solution lies in more frequent updates to keep pace with change. In addition, just because there are technology standards, teachers do not necessarily see it as their job to address them, integrated into their primary content area. All educators, administrators, specialists and teachers need to understand that teaching the technology standards is their responsibility.

Comprehensive, Systemic and Sequential Content Suggested

Educators know that topics such as fractions cannot be taught in a day. We know from decades of research that presenting material multiple times, in multiple ways, sequentially over time has the best return and maximum impact. Yet complex topics such as those captured within Cyberethics, Cybersafety, and Cybersecurity are often covered in a single session. One-day assemblies are helpful, but the impact can be minimal given the plethora of content that needs to be covered and the difficulty in maintaining student focus in an assembly format. C3 topics need to be supported by more comprehensive content, taught using a variety of means over a longer time frame, and refreshed as needs evolve.

Professional Development for Teachers a Must

Just because a topic area is listed in a standard does not mean teachers are prepared to teach it. Educators see the need, want to learn more, and are willing to put in the effort to learn the C3 content areas in order to pass the information on to their students. Providing curriculum for students is not enough. Many C3 issues did not exist when current educators were certified. Teachers need training on Cyberethics, Cybersafety, and Cybersecurity topics. It takes more than a workshop; schools need ongoing professional development which takes funding and expertise. Much of this expertise needs to come from outside the traditional “educational content domains.” Additional funding and resources are needed both to provide content for local education agencies and to provide release time for teachers to be trained, at a time where budgets for education are tight and funding for technology professional development is almost nonexistent. If indeed national security, economic welfare of citizens, safety for youth, and a more ethical behavior across U.S. society is desired, then government, business/industry, and education need to team up to provide the needed information and resources to our teachers.

Don’t Forget Informal Settings

Programs through Boys and Girls Clubs , 4-H , Boy Scouts, Girl Scouts, Parks and Recreation programs, after school programming, and before-and-after-care programs all provide additional learning opportunities for today’s youth. These potential content providers should not be over-looked as additional intervention opportunities. However, program leaders (both volunteer and professional) will need instruction in C3 topics, and can benefit from prepared learning materials and lessons for their group. Once again, members of the business community can be tapped to provide expertise and enhance these teaching opportunities with real-world experience and lessons. Some teachers feel that C3 education is the responsibility of parents. However, many parents are not prepared with the tools to deliver information in these areas. Many adults have only limited computer literacy; some lack the language skills or financial resources to overcome these limitations. Adults in informal settings can assist educators in providing the information for students and in helping parents understand the importance.

Policies, Processes and Procedures: Beyond Printed Text

The pace of change of technology requires continual updates to content and standards. The technology portions of Acceptable Use Policies (AUPs) and student handbooks need to be updated yearly. Instructional content needs to be updated to reflect best practices and lessons learned. However, if these were distributed in printed form, budgets would be strained to the breaking point. Instead, updating digital resources of policy, procedure, and content could allow for more frequent update. Incorporating comments from employees via listservs, blogs, and forums can enrich the dialogue and provide added value. Creating this dynamic digital information space may be critical to keeping up with technology changes. Policies need to be reviewed to ensure that all employees (including teachers), students and parents understand them. The topics need to be covered more thoroughly than in a quick overview at the beginning of the year, when so many other things are distracting from the content. The topics need to be addressed in ongoing instruction, both to ensure that students have the time and understanding to internalize the information and that new and transfer students receive the information. It is imperative that consequences are included and supported by administrators and school authorities (school boards and superintendent). Teachers sometimes feel unsupported and let ethical violations go rather than follow ill-defined and unenforced policies.

IT Departments are Not the Silver Bullet

Particularly in the area of Cybersecurity and, to a lesser extent, in Cybersafety, educators believe they have no role. Educators perceive that these issues are the domain of the Information technology (IT) department, and ignore the topics both in the classroom and in their personal behavior. For example, they may assume all information on the school network is secure. Consequently, they use weak passwords, share their passwords, add unapproved software, or allow others to use their computers. Because they do not recognize the dangers, teachers sometimes lose the opportunity to instruct and guide. They miss the opportunity to inform students why it is ethically wrong to hack into the school computer to change grades. User education is critical and the perception that IT departments have “fixed” everything or blocked inappropriate content gives a false sense of security and unrealistic expectation. We need to make sure teachers understand their role in all C3 areas. The limited focus on filtering and blocking and establishing policies that say no blogs or social networks should give way to a broader focus on individual responsibility for using technology wisely. When students leave school they need to know what behaviors are appropriate and effective, so they are prepared for IT environments with less protection, and can act responsibly.

Recording and Reporting

Although documenting current efforts across a local education agency or state is difficult, there is a need to record and report C3 content being offered in schools. Improving learning includes understanding knowledge gaps, providing instruction, evaluating impact, and redesigning instruction. This process is aided by examining best practices rather than reinventing content in isolation. Analyzing existing content can also provide an opportunity for professional development. Prior to using existing curriculum in the classroom, teachers can assess whether they have the perquisite knowledge to teach it, if it is having an impact, why there are knowledge gaps for their students or in the curriculum, and prepare themselves and the content for better results.