Training Students to Steal: A Practical Assignment in Computer Security Education

T. Dimkov, Wolter Pieters, Pieter H. Hartel

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    7 Citations (Scopus)

    Abstract

    Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solutions, but ignore the physical and the social aspects of security. In the last two years we devised a course where students were given a practical assignment which includes a combination of physical security, social engineering and digital penetration testing. As part of the course, the students stole laptops using social engineering from unaware employees throughout the university campus. The assignment provided the students with a practical overview of security and increased their awareness of the strengths and weaknesses of security mechanisms. In this paper we present the design of the practical assignment and the observations from the execution.
    Original languageUndefined
    Title of host publicationProceedings of the 42nd ACM Technical Symposium on Computer Science Education (SIGCSE 2011)
    Place of PublicationNew York
    PublisherAssociation for Computing Machinery (ACM)
    Pages21-26
    Number of pages6
    ISBN (Print)978-1-4503-0500-6
    DOIs
    Publication statusPublished - Mar 2011

    Publication series

    Name
    PublisherACM

    Keywords

    • METIS-271110
    • IR-74582
    • Laptop theft
    • Computer security education
    • EWI-18722
    • Social Engineering
    • Penetration Testing
    • SCS-Cybersecurity
    • CR-K.3.2
    • physical security

    Cite this