Training Students to Steal: A Practical Assignment in Computer Security Education

T. Dimkov; Wolter Pieters; Pieter H. Hartel

doi:10.1145/1953163.1953175

Training Students to Steal: A Practical Assignment in Computer Security Education

T. Dimkov, Wolter Pieters, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

12 Citations (Scopus)

33 Downloads (Pure)

Abstract

Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

Original language	Undefined
Title of host publication	Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)
Place of Publication	New York
Publisher	Association for Computing Machinery
Pages	21-26
Number of pages	6
ISBN (Print)	978-1-4503-0500-6
DOIs	https://doi.org/10.1145/1953163.1953175
Publication status	Published - Mar 2011
Event	42nd ACM Technical Symposium on Computer Science Education, SIGCSE’11 - Dallas, Texas, USA Duration: 9 Mar 2011 → 12 Mar 2011

Publication series

Name
Publisher	ACM

Conference

Conference	42nd ACM Technical Symposium on Computer Science Education, SIGCSE’11
Period	9/03/11 → 12/03/11
Other	March 9-12, 2011

Keywords

METIS-271110
IR-74582
Laptop theft
Computer security education
EWI-18722
Social Engineering
Penetration Testing
SCS-Cybersecurity
CR-K.3.2
physical security

Access to Document

10.1145/1953163.1953175

Cite this

@inproceedings{61b7c4190e644ef1aaf1a42e85870e11,

title = "Training Students to Steal: A Practical Assignment in Computer Security Education",

abstract = "Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.",

keywords = "METIS-271110, IR-74582, Laptop theft, Computer security education, EWI-18722, Social Engineering, Penetration Testing, SCS-Cybersecurity, CR-K.3.2, physical security",

author = "T. Dimkov and Wolter Pieters and Hartel, {Pieter H.}",

year = "2011",

month = mar,

doi = "10.1145/1953163.1953175",

language = "Undefined",

isbn = "978-1-4503-0500-6",

publisher = "Association for Computing Machinery",

pages = "21--26",

booktitle = "Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)",

address = "United States",

note = "42nd ACM Technical Symposium on Computer Science Education, SIGCSE{\textquoteright}11 ; Conference date: 09-03-2011 Through 12-03-2011",

}

Dimkov, T, Pieters, W & Hartel, PH 2011, Training Students to Steal: A Practical Assignment in Computer Security Education. in Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). Association for Computing Machinery, New York, pp. 21-26, 42nd ACM Technical Symposium on Computer Science Education, SIGCSE’11, 9/03/11. https://doi.org/10.1145/1953163.1953175

Training Students to Steal: A Practical Assignment in Computer Security Education. / Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.
Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011). New York: Association for Computing Machinery, 2011. p. 21-26.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Training Students to Steal: A Practical Assignment in Computer Security Education

AU - Dimkov, T.

AU - Pieters, Wolter

AU - Hartel, Pieter H.

PY - 2011/3

Y1 - 2011/3

N2 - Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

AB - Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.

KW - METIS-271110

KW - IR-74582

KW - Laptop theft

KW - Computer security education

KW - EWI-18722

KW - Social Engineering

KW - Penetration Testing

KW - SCS-Cybersecurity

KW - CR-K.3.2

KW - physical security

U2 - 10.1145/1953163.1953175

DO - 10.1145/1953163.1953175

M3 - Conference contribution

SN - 978-1-4503-0500-6

SP - 21

EP - 26

BT - Proceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)

PB - Association for Computing Machinery

CY - New York

T2 - 42nd ACM Technical Symposium on Computer Science Education, SIGCSE’11

Y2 - 9 March 2011 through 12 March 2011

ER -