Training Students to Steal: A Practical Assignment in Computer Security Education

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    7 Citations (Scopus)

    Abstract

    Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.
    Original languageUndefined
    Title of host publicationProceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)
    Place of PublicationNew York
    PublisherAssociation for Computing Machinery (ACM)
    Pages21-26
    Number of pages6
    ISBN (Print)978-1-4503-0500-6
    DOIs
    Publication statusPublished - Mar 2011

    Publication series

    Name
    PublisherACM

    Keywords

    • METIS-271110
    • IR-74582
    • Laptop theft
    • Computer security education
    • EWI-18722
    • Social Engineering
    • Penetration Testing
    • SCS-Cybersecurity
    • CR-K.3.2
    • physical security

    Cite this

    Dimkov, T., Pieters, W., & Hartel, P. H. (2011). Training Students to Steal: A Practical Assignment in Computer Security Education. In Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011) (pp. 21-26). New York: Association for Computing Machinery (ACM). https://doi.org/10.1145/1953163.1953175
    Dimkov, T. ; Pieters, Wolter ; Hartel, Pieter H. / Training Students to Steal: A Practical Assignment in Computer Security Education. Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York : Association for Computing Machinery (ACM), 2011. pp. 21-26
    @inproceedings{61b7c4190e644ef1aaf1a42e85870e11,
    title = "Training Students to Steal: A Practical Assignment in Computer Security Education",
    abstract = "Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.",
    keywords = "METIS-271110, IR-74582, Laptop theft, Computer security education, EWI-18722, Social Engineering, Penetration Testing, SCS-Cybersecurity, CR-K.3.2, physical security",
    author = "T. Dimkov and Wolter Pieters and Hartel, {Pieter H.}",
    year = "2011",
    month = "3",
    doi = "10.1145/1953163.1953175",
    language = "Undefined",
    isbn = "978-1-4503-0500-6",
    publisher = "Association for Computing Machinery (ACM)",
    pages = "21--26",
    booktitle = "Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)",
    address = "United States",

    }

    Dimkov, T, Pieters, W & Hartel, PH 2011, Training Students to Steal: A Practical Assignment in Computer Security Education. in Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). Association for Computing Machinery (ACM), New York, pp. 21-26. https://doi.org/10.1145/1953163.1953175

    Training Students to Steal: A Practical Assignment in Computer Security Education. / Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

    Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York : Association for Computing Machinery (ACM), 2011. p. 21-26.

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - Training Students to Steal: A Practical Assignment in Computer Security Education

    AU - Dimkov, T.

    AU - Pieters, Wolter

    AU - Hartel, Pieter H.

    PY - 2011/3

    Y1 - 2011/3

    N2 - Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

    AB - Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

    KW - METIS-271110

    KW - IR-74582

    KW - Laptop theft

    KW - Computer security education

    KW - EWI-18722

    KW - Social Engineering

    KW - Penetration Testing

    KW - SCS-Cybersecurity

    KW - CR-K.3.2

    KW - physical security

    U2 - 10.1145/1953163.1953175

    DO - 10.1145/1953163.1953175

    M3 - Conference contribution

    SN - 978-1-4503-0500-6

    SP - 21

    EP - 26

    BT - Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)

    PB - Association for Computing Machinery (ACM)

    CY - New York

    ER -

    Dimkov T, Pieters W, Hartel PH. Training Students to Steal: A Practical Assignment in Computer Security Education. In Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York: Association for Computing Machinery (ACM). 2011. p. 21-26 https://doi.org/10.1145/1953163.1953175