Training Students to Steal: A Practical Assignment in Computer Security Education

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

7 Citations (Scopus)

Abstract

Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.
Original languageUndefined
Title of host publicationProceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Pages21-26
Number of pages6
ISBN (Print)978-1-4503-0500-6
DOIs
Publication statusPublished - Mar 2011

Publication series

Name
PublisherACM

Keywords

  • METIS-271110
  • IR-74582
  • Laptop theft
  • Computer security education
  • EWI-18722
  • Social Engineering
  • Penetration Testing
  • SCS-Cybersecurity
  • CR-K.3.2
  • physical security

Cite this

Dimkov, T., Pieters, W., & Hartel, P. H. (2011). Training Students to Steal: A Practical Assignment in Computer Security Education. In Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011) (pp. 21-26). New York: Association for Computing Machinery (ACM). https://doi.org/10.1145/1953163.1953175
Dimkov, T. ; Pieters, Wolter ; Hartel, Pieter H. / Training Students to Steal: A Practical Assignment in Computer Security Education. Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York : Association for Computing Machinery (ACM), 2011. pp. 21-26
@inproceedings{61b7c4190e644ef1aaf1a42e85870e11,
title = "Training Students to Steal: A Practical Assignment in Computer Security Education",
abstract = "Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.",
keywords = "METIS-271110, IR-74582, Laptop theft, Computer security education, EWI-18722, Social Engineering, Penetration Testing, SCS-Cybersecurity, CR-K.3.2, physical security",
author = "T. Dimkov and Wolter Pieters and Hartel, {Pieter H.}",
year = "2011",
month = "3",
doi = "10.1145/1953163.1953175",
language = "Undefined",
isbn = "978-1-4503-0500-6",
publisher = "Association for Computing Machinery (ACM)",
pages = "21--26",
booktitle = "Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)",
address = "United States",

}

Dimkov, T, Pieters, W & Hartel, PH 2011, Training Students to Steal: A Practical Assignment in Computer Security Education. in Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). Association for Computing Machinery (ACM), New York, pp. 21-26. https://doi.org/10.1145/1953163.1953175

Training Students to Steal: A Practical Assignment in Computer Security Education. / Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York : Association for Computing Machinery (ACM), 2011. p. 21-26.

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Training Students to Steal: A Practical Assignment in Computer Security Education

AU - Dimkov, T.

AU - Pieters, Wolter

AU - Hartel, Pieter H.

PY - 2011/3

Y1 - 2011/3

N2 - Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

AB - Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

KW - METIS-271110

KW - IR-74582

KW - Laptop theft

KW - Computer security education

KW - EWI-18722

KW - Social Engineering

KW - Penetration Testing

KW - SCS-Cybersecurity

KW - CR-K.3.2

KW - physical security

U2 - 10.1145/1953163.1953175

DO - 10.1145/1953163.1953175

M3 - Conference contribution

SN - 978-1-4503-0500-6

SP - 21

EP - 26

BT - Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)

PB - Association for Computing Machinery (ACM)

CY - New York

ER -

Dimkov T, Pieters W, Hartel PH. Training Students to Steal: A Practical Assignment in Computer Security Education. In Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York: Association for Computing Machinery (ACM). 2011. p. 21-26 https://doi.org/10.1145/1953163.1953175