Teaching Computer Security Literacy
We have developed a module-based approach to teaching security literacy. These modules are designed to provide people of all ages from technical and non-technical backgrounds with the opportunity to formally learn about the many components of practical computer security. The prime goal of practical computer security literacy is to provide students with security context for many of the activities they encounter throughout their everyday use of computers and the Internet.
Over the past few years, the security topics and the modules used in the college level course have modified and supplemented with additional materials to support teaching security literacy to middle school and high school aged students. We have different types of materials and approaches to teaching the material based upon the instructor and the target age group, including: College Level, High School Level, Elementary & Middle School Level, and the General Public. All materials are available via creative commons.
If you are interested in piloting the materials or learning more about teaching a course, please contact us.
At Iowa State University, we have addressed this gap in computer security education by developing a course entitled “Introduction to Computer Security Literacy.” The specific purpose of this 8-week, 16-lecture course is to provide both students from technical and non-technical majors with the opportunity to formally learn about the many components of practical computer security knowledge. Although one would believe that students from technical majors (i.e., computer engineering, computer science, management information systems) have a perceived advantaged over their non-technical cohorts, past research on this subject has actually shown that before the beginning of the course both technical and non-technical students are on an equal playing field as far as practical cyber security knowledge is concerned. Having taught this course over ten times to more than 250 students, we draw on many lessons learned, and pedagogical approaches, as well as effective demonstrations and in-class activities that can be performed to support lecture concepts.
This course and its delivery method are particularly effective at accomplishing stated course outcomes in part because students have the opportunity to apply the knowledge learned in lecture when they next begin to interact with their computing devices and the Internet. Furthermore, the constant interaction that students have with technology increases awareness and repetition, which leads to the goal of synthesis. Therefore, when students are presented with a novel situation, they have the experience and background to make a sound security decision. Current event topics are also included in daily lecture content so that a direct connection can be made in what students are learning in the course with the events that are currently happening in the world.
The collegiate course that has been taught at Iowa State uses the video materials in a “flipped” course environment. The students watch the assigned instructional videos, read the assigned chapters in the required book, and then come to lecture where the instructor, a faculty member in the Computer Engineering department, conducts demonstrations or provides real world examples of the security literacy concepts covered in the weekly video assignments. At the end of the week, students must write a one to two paragraph essay answering an open-ended question that makes them apply the concepts covered that week.
More information can be found here.
High School Level
Devices that connect to the Internet are all around and students of all ages have these devices in their hands for an astounding number of hours throughout the day. School districts are continuously encouraging educators to incorporate technology into their curricula. With this near constant connectivity and at an age where the ‘it can’t happen to me’ mindset seems to be entrenched into their mentality, students need to be aware of cyber security issues and how to take steps towards mitigating these realistic security threats.
To help address this problem, a curriculum is being developed that focuses on learning computer security from the user’s point-of-view. The project contains materials for high school educators designed to be easy to understand and easy to use while subduing any fear educators may have about teaching the technology concepts in the classroom. The curriculum focuses on topics a user would face on a day-to-day basis, working to strengthen the weakest link in computer security, the user, by providing a concrete and applicable education regarding information technology. Students will relate the information they learn to real world situations through class-based discussions, case studies, and classroom assignments.
In addition to the classroom materials, we are in the midst of creating a website that will provide a lab environment designed to let students and teachers experience certain aspects of security for themselves.
The materials can be applied in and/or modified for all types of classrooms. The modules can be threaded throughout a pre-existing curriculum or presented as a formal semester long security literacy course. Lessons come with differentiation and alternative instruction suggestions. All curriculum materials are available to instructors free of charge by a creative commons license.
More information can be found here.
Elementary & Middle School Level
The first set of materials are called Cyber Toons and are short (1-3 minutes) videos designed to be played in a class to simulate discussion around a topic. While the Cyber Toons can be included into any class, they are more targeted at the middle school age. With each of the Cyber Toons we provide an instructors guide, discussion questions, and short assessments. During the 2015-16 school year over a dozen schools (grades 4-8) piloted the Cyber Toons.
The ultimate goal of this project is to have every Iowan educated on computer security. We have started reaching out to several entities in a “train the trainers” model – training trusted community members to help people learn about computer security. These entities include lunch and learn programs provided for members by the Iowa Banker’s Association, Iowa ISP’s providing tips on local cable, different public safety officials putting on community programs, various clubs teaching community members as a community service project, and the ISU Extension has offered free mini-classes for communities.
If you would like to get involved or learn about how you can bring computer security literacy training to your community, please contact us.
Don’t forget to follow us on social media!