Letter Grades for CertMaster Security+ Outcomes

[Jonathan Weiss]

I am completing my first semester using CertMaster Security+ as the basis of our "Information Security Fundamentals" course and need to assign letter grades at the end of the semester based on the results from the Boost Dashboard. This dashboard shows average PBQ, Quiz and Lab scores for each student, as well as the level of proficiency they have achieved in each module.

Has anyone yet mapped this output to appropriate letter grades, A, B, C, D, F?

I am thinking completion with an average across categories >= 90% AND median "Proficient" Proficiency, across all modules is an "A",
< 90% OR median < Proficient = "B".
Completion and >= 80% = "C"
Completion = "D"
and Incomplete = "F"

Any other ideas?

 

[Jarrel]

Does the CertMaster product that you got has a summative or cumulative assessment at the end? if yes, then you can probably use it as basis for the final grade. Otherwise, you may opt to create a summative assessment of your own - you are doing it for your InfoSec Fundamentals course anyway.

Using the average score per chapter could be okay. Just be mindful that the students might be able to retake the chapter quizzes multiple times.

Academic grading varies from one region to another. For grading reference in the US, see below:
Reference: https://nces.ed.gov/nationsreportcard/hsts/howgpa.aspx

Letter Grade ​	Percentage​
A	90-100
B	80–89%
C	70–79%
D	60–69%
F	≤59%

 

[Rick Butler]

When you're dealing with Academic grading, particularly at the Post-Secondary level, you really have to defer to what the Course Objectives are, that were declared as part of the course's accreditation. When you say the student got an "A" in the course, you are saying the student has satisfied 90% (assuming the ten-point scale) of the course's objectives. You have to be very careful because the tools you use (in your case, CertMaster), may or may not align to the declared course objectives.

In accredited US Department of Education courses, those course objectives are supposed to be stated in the Course Syllabus. Your school should have those clearly stated, with both the Syllabus and Lesson Plan supporting them.

They key is, if the objectives bring a student to a level of understanding, but CertMaster or you yourself set the bar, the student can come back on you, if he/she feels your course was too difficult for his/her skill. And if the Course Objectives only support a basic understanding of Network Security, versus what CertMaster calls "proficient", you could be setting yourself (and your school), up for some trouble.

When the course's title is "Information Security Fundamentals", I would question whether teaching to the CompTIA+ Security+ or an Introduction to Security was the overall objective. For example, when I taught a 100 level security class, I used this book, and I'll tell you, the course was not set up to prepare for the Sec+.

So, make sure what you are thinking of doing aligns to what the Institution's expectation of the course, lest this happens:

 

[Jarrel]

I like the cartoon! LOL

 

[Rick Butler]

I like the cartoon! LOL

I miss the old Rage comics.

 

[Jonathan Weiss]

Does the CertMaster product that you got has a summative or cumulative assessment at the end? if yes, then you can probably use it as basis for the final grade. Otherwise, you may opt to create a summative assessment of your own - you are doing it for your InfoSec Fundamentals course anyway.

Using the average score per chapter could be okay. Just be mindful that the students might be able to retake the chapter quizzes multiple times.

Academic grading varies from one region to another. For grading reference in the US, see below:
Reference: https://nces.ed.gov/nationsreportcard/hsts/howgpa.aspx

Letter Grade ​	Percentage​
A	90-100
B	80–89%
C	70–79%
D	60–69%
F	≤59%

I am certainly aware of this scale. CertMaster Boost gives % correct for PBQs, Practice Questions, Labs and Assessments. Almost all of my students have achieved >90% across these elements, so I am looking at unit proficiencies for additional differentiation. These are measured as "Beginner," "Intermediate," "Proficient," and "Advanced" for each of the 21 units.

 

[Jonathan Weiss]

When you're dealing with Academic grading, particularly at the Post-Secondary level, you really have to defer to what the Course Objectives are, that were declared as part of the course's accreditation. When you say the student got an "A" in the course, you are saying the student has satisfied 90% (assuming the ten-point scale) of the course's objectives. You have to be very careful because the tools you use (in your case, CertMaster), may or may not align to the declared course objectives.

In accredited US Department of Education courses, those course objectives are supposed to be stated in the Course Syllabus. Your school should have those clearly stated, with both the Syllabus and Lesson Plan supporting them.

They key is, if the objectives bring a student to a level of understanding, but CertMaster or you yourself set the bar, the student can come back on you, if he/she feels your course was too difficult for his/her skill. And if the Course Objectives only support a basic understanding of Network Security, versus what CertMaster calls "proficient", you could be setting yourself (and your school), up for some trouble.

When the course's title is "Information Security Fundamentals", I would question whether teaching to the CompTIA+ Security+ or an Introduction to Security was the overall objective. For example, when I taught a 100 level security class, I used this book, and I'll tell you, the course was not set up to prepare for the Sec+.

So, make sure what you are thinking of doing aligns to what the Institution's expectation of the course, lest this happens:

View attachment 628

This cartoon is the very reason I transitioned from a "home-grown" Information Security Fundamentals course to the CompTIA-approved version. I don't think any of my students (who are, with few exceptions, doing better than 90% against the key metrics from CertMaster) will say the course is too difficult for its objectives. Truthfully, I am starting to wonder if I should just give most of them A's at this point.

 

[Rick Butler]

Truthfully, I am starting to wonder if I should just give most of them A's at this point.

Again, what are the declared objectives for the course? I'm sure your academic team set those up, or did you write the syllabus yourself? Some schools allow for that, some declare the course's master objectives and then instructor builds from there. Some schools, like mine, will prescribe the entire curriculum and the instructor will teach it, adding his/her own flavor into it.

That's the crux of your decision point, I would think.

/r

 

[Jonathan Weiss]

Again, what are the declared objectives for the course? I'm sure your academic team set those up, or did you write the syllabus yourself? Some schools allow for that, some declare the course's master objectives and then instructor builds from there. Some schools, like mine, will prescribe the entire curriculum and the instructor will teach it, adding his/her own flavor into it.

That's the crux of your decision point, I would think.

/r

I authored them for the previous generation of the course, pre-migration to the official CompTIA version. They are stated as follows, but the overall goal is to prepare students for CompTIA Security+ certification.

CLO1	Describe information security topics, terms, and concepts
CLO2	Apply the Principles of Least Privilege, Confidentiality, Integrity, and Availability.
CLO3	Explain password security, encryption, phishing, browser security, etc. and identify SPAM email messages
CLO4	Demonstrate knowledge of basic cryptographic principles, processes, procedures, and applications

CLO5	Identify computer network basics and the meaning of TCP, IP, UDP, MAC, ARP, NAT, ICMP, DNS, etc. and their roles in network security.
CLO6	Utilize built-in Windows tools to observe and change network settings
CLO7	Discuss various security technologies, including anti-malware, firewalls, and intrusion detection systems.
CLO8	Describe physical security issues and how they support cybersecurity
CLO9	Demonstrate knowledge regarding incident response, business continuity, and disaster recover planning

 

[Rick Butler]

Ahh, so the course description that goes out in the Course Catalog will state this in some way as well? Because if so, then yep, it would be appropriate to use CertMaster in alignment with grading. But when these kinds of questions come up, my accreditation reviewer hat goes right on and I start asking those questions like an OccSpec reviewer would.

Many times in my experience, when an instructor gets a hold of a course, they have dreams and ambitions that may not align to what the Academics Department envisioned for the course. In fact, I made that mistake when I was teaching a couple of times.

Anyway, if yours and the schools defined endgame for the course is, in fact, to prepare for the exam, then game on. I also urge caution in your wording, because a student may take your course, not feel prepared and say that you didn't do what you were supposed to do. We often say, "aids in the preparation", to make sure the onus is on the student's effort.

/r