Security education within the IT curriculum

摘要

As IT educators we have been asked to bring an increased awareness of information security into our classrooms and to help our students to gain a better awareness of the security implications of many of the things that they do. IT is not, however, a monolithic field, rather it is a discipline made up of several fairly well defined interest areas each of which have their own pedagogical concerns and issues, only some of which are in the area of security. This study is designed to gain a better understanding of the extent to which IT programs and the interest areas within them have changed to include a greater security component, and the means by which this has been accomplished (e.g. through the addition of new courses or the modification of existing courses).Data to support this area of inquiry has been drawn from several sources. Surveys were sent to attendees of CITC3 that directed them to a web form that gathered information about their perceptions of the need to change their programs and the means by which they had carried out the changes. Interviews were conducted with RIT teaching faculty during bi-monthly interest area meetings and a sample of survey respondents to gain a more in-depth understanding of the issues surrounding both the means and the extent of the changes they had accomplished.All of the respondents to this study felt that they needed to increase the amount of security content in their IT programs. While all of the respondents described their efforts as works in progress, only two had added new courses. Respondents were equally unanimous in feeling that security content needed to be spread across many courses rather than isolated in one course.Results from interviews conducted during interest area meetings with RIT faculty indicate the following: rn

rn
• While all of the interest areas indicated the need to modify their curriculum to enhance the security content in it, each of the interest areas had a very different conception of how this should be accomplished. rn
• Only thenetworking group saw the need to add additional courses to the existing curriculum. rn
• The database group felt that adding new security modules to existing courses was the best way to enhance the security content in their interest area.

The programming group interpreted the need to enhance students' awareness of security as a need to enhance students' awareness of good programming techniques and structures.