Approaches To Undergraduate Instruction In Computer Security

Although economies of scale have turned the networked computer into a commodity, its usability at large is determined by the levels of security and privacy the technology can offer. This phenomenon has created a new landscape in which the demand for trained professionals in computer security is extremely high. Colleges and universities are still adapting to this reality and different approaches to computer security instruction are being used throughout the world. Our main contributions in this paper are the identification and the analyses of three main categories of approaches to instruction in computer security: single-course , track , and thread . The single-course approach, which is highly popular, is one in which the student is offered a survey of several different topics in computer security in one course in the curriculum, often an elective. Although it provides considerable breadth of topics, it cannot provide depth since it is only introductory by design. In the track, concentration, or program approach the student takes a sequence of courses specialized in security and information assurance. The resources required to implement this approach are numerous and therefore it is not applicable to a wide variety of schools and departments. To illustrate the discussion of these first two approaches, we present an informal survey of courses and programs in computer security throughout the U.S. The thread approach is seldom advertised or implemented and is a compromise which bridges the gap between the single-course and the track approaches. This approach uses security and privacy as a unifying theme across the standard core Computer Science or Computer Engineering curricula. We argue that this approach can effectively meet the educational needs of the computer professional of today using a minimum of resources.