Security Injections at Towson University
Despite the critical societal importance of computer security, security is not well integrated into the undergraduate computing curriculum. Undergraduate classes or security tracks treat security issues as separable topics like database or software engineering, as opposed to fundamental issues that pervade all aspects of software development. Training the next generation of computing professionals to build secure software will require an emphasis on teaching computer security foundations, principles, and skills. If students are to learn these skills (as opposed to insecure bad habits), security can no longer be an afterthought, but instead must be seamlessly integrated in undergraduate computing education
Security injections are of strategically-placed security-related modules for existing undergraduate classes. The combination of lab exercises and student-completed checklists in these security injections has helped us teach security across the curriculum without adding extra pressure on already-overburdened undergraduate degree programs. As reported in a 2008 SIGCSE paper, initial deployment in introductory computer science classes at Towson University indicated an increase in student awareness of security concerns when security injections were used
Our goal is to create learning materials and teaching strategies suitable for minimally-disruptive introduction of security concepts in undergraduate computing curricula. We will develop and introduce security lab assignments and checklists for introduction to computer information systems, databases, software engineering, and other computing classes. These materials will be developed and tested at Towson University, Bowie State University, and Anne Arundel, Harford, and Baltimore County community colleges. Eventually, we will work to introduce these materials at all 15 educational institutions in the Maryland Alliance for Information Security Assurance.
This broader dissemination will help us meet our goals of increasing
- Students' security awareness
- Students' ability to apply security principles
- Faculty security awareness
A variety of approaches will be used to assess the success of these efforts, both in terms of engaging faculty and educating students.
|
This project is supported by the National Science Foundation under grant DUE-0817267. Any opinions, findings, conclusions, or recommendations expressed are those of the authors and do not necessarily reflect the views of the National Science Foundation. |