ABSTRACT
Recently, general understanding of the importance of system security has increased and has been reflected in undergraduate and graduate curricula that offer security courses. These security education components are certainly a step in the right direction and should contribute to increased attention to security during the design and development phases of software and system engineering. However, the importance of system security is not always reflected in the quantity of required security courses or the budget allocated for such courses. One way to get the most "bang for the buck" when it comes to security education is to have a small set of concentrated security courses that pair hands-on labs with lasting security principles, and then to augment these security courses with additional security components and activities in other required courses from the curriculum. To provide education that is both relevant now and in the future, we use a principles-based approach together with hands-on security labs. We offer seven strategies for making this approach successful. Based on direct observation, student surveys, anecdotal evidence, and job placement, we believe that this approach has been successful in producing graduates both conscious of security issues and capable of designing and developing secure systems.
Index Terms
- Security education on a budget: getting the most "bang for the buck" with limited time and resources