Paper Authors

Abstract

NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Boundaries and Flows: A Strategy for Introducing Information Security to Undergraduates

Abstract

Outside of 2-year technical colleges, most postsecondary students aren’t offered coursework in information security until they have fulfilled upper division prerequisites in mathematics, software systems, and networking. This is because many textbooks present information security in terms of those other topics. We are experimenting with a different approach: a lower division undergraduate course that introduces students to the concepts of boundaries and information flows. Professional security engineers often analyze problems in terms of these basic concepts. The course introduces security concepts by starting with security issues of small scale perimeters, and incrementally expands the scope by looking in turn at shared single computers, local area networks, and the Internet.

1. Introduction

When the Computer and Information Sciences Department at the University of St. Thomas began to develop an information security program, two objectives emerged. A natural objective was for the program to draw new students into the department. A second goal was to provide an introductory security course that was accessible to as many students as possible. Ideally, this would be a lower division course available to sophomores and even qualified freshmen. The prerequisites would be limited to one introductory programming course and a college math course: this would provide a pool of students typically pursuing engineering and the sciences.

A lower division course like this, however, does not match the typical pattern for a computer security course. In most four year institutions, information security coursework begins with an upper division course whose prerequisites include networking, operating systems and, in some cases, advanced math courses. This was not the introductory course we wanted to teach.

We decided to plan a course with the following properties:

• Prerequisites limited to introductory programming and a college math course • Course work would promote higher order thinking skills according to Bloom’s taxonomy of cognitive learning levels4. • Content would teach students practical information security skills: skills that would help students analyze real-world security situations

In our search for support of this alternate course model, we examined numerous textbooks. At the high end are books like Bishop1 that focus on a mathematical treatment of the subject. Other texts, like Whitman and Mattord 11 do not require the mathematical background, but do not teach analytical techniques. Instead, they present lists of technologies and processes, which often yield courses based more on rote memorization or simple applications of predefined solutions to recognized problems. This does not prepare students to analyze real world problems, which evolve continuously in the face of escalating security threats.

• Citation

• Format
  • APA
  • APA - LaTeX bibitem
  • MLA
  • MLA - LaTeX bibitem
  • Bibtex
  • EndNote - RIS

Smith, R. (2008, June), Boundaries And Flows: A Strategy For Introducing Information Security To Undergraduates Paper presented at 2008 Annual Conference & Exposition, Pittsburgh, Pennsylvania. 10.18260/1-2--3116