The objective of this project is to improve the security literacy of undergraduate Computer Science (CS) students by exposing them to computer security concepts and issues in their regular course of study in CS. Faculty whose primary teaching/research focus is not security are provided support for integrating security topics into their traditional upper division CS courses and for delivering learning material through the use of a multi-faceted instructional support system: Security Knitting Kit (SecKnitKit). The goals of this project are to improve security awareness, knowledge and interest of undergraduate CS students; to improve security awareness and teaching expertise for non-security faculty; and to promote the use of security integration strategy and materials for traditional CS courses in other institutions. Development and deployment of SecKnitKit assists non-security faculty to seamlessly and effectively weave security topics into CS courses like software engineering, operating systems, networks, and database management system. The project offer professional development opportunities for twelve non-security faculty to use SecKnitKit for their CS courses at their institutions. The proposed project is based on recommendations from experts in the security education field and draws from CS pedagogy that includes the teaching experiences of the project team, and feedback and participation from project participants. Once institutionalized at TTU and other regional institutions, the proposed research can lead to follow-up collaborative research and adoption of the multi-faceted instructional support system at other higher education institutions.
The Security Knitting Kit (SecKnitKit) project aims to improve security awareness, knowledge, and interest of undergraduate CS students by exposing them to computer security concepts and issues in their regular course of study. The project has developed, deployed, and disseminated a multi-faceted out-of-the-box instructional support system to empower non-security faculty who have no experience in teaching security but recognize the importance of security in today’s world and want to broaden their teaching repertoire. This project enables them to effectively weave relevant security topics into traditional computer science courses seamlessly. In year 1, CS undergraduate students were exposed to SecKnitKit material through four courses at Tennessee Tech University (TTU) in the Pilot deployment phase. These courses were Software Engineering, Operating Systems, Computer Networks, and Database Management Systems. Three non-security TTU faculty taught these courses and provided feedback which showed that they were able to deploy SecKnitKit in their courses with minimal effort. Overall, TTU students reported significant gains in knowledge, awareness, and progress related to computer security in the wide variety of areas addressed by the SecKnitKit. At the end of first academic year, a two day professional development workshop was attended by 15 non-security faculty from other institutions who teach any of these courses: software engineering, operating systems, networks and database management systems. They had no prior teaching experience in security, their curriculum did not offer any mandatory security courses and they had a definite interest in integrating security traditional CS courses. The workshop was evaluated through a survey of participants. All of the respondents found all of the sessions to be useful. All of the respondents also reported that the workshop provided an effective overview of the project and provided the information needed to implement the SecKnitKit. During the Summer 2013, Fall 2013 and Spring 2014, the SecKnitKit was implemented nationally. Responses were completed on both pre and post surveys from ten institutions (University of Wyoming, James Madison University, Murray State University, College of St. Scholastica, Fairmont State University, Middle Tennessee State University, University of Central Arkansas, University of North Carolina at Wilmington, University of North Texas and TTU). Overall, students reported significant gains in knowledge, awareness, and progress related to computer security in a wide variety of areas addressed by the SecKnitKit. The one area with a ceiling effect was the area of increasing student interest in computer security. While we were not able to demonstrate significant findings in this area, it was because students were coming into these courses with a very high level of interest in security. This is actually a very encouraging finding. This implies that if more courses and programs of study were offered in computer security, students are interested in participating. It is also possible that there is a self-selection bias, with students who are most interested in security signed up for courses in which they knew there would be a security component. In addition, the qualitative results provide insights as to what motivates students to either pursue or not to pursue a career in computer security. Interestingly across courses and universities some common themes arose as to why students were interested, as well as not interested, in a career in computer security. Understanding these reasons can have a broader impact on society. Because understanding student motivation for why they are interested or not interested in the field can help recruit more students into the field by both promoting the parts of security that motivates students in the field and addressing concerns that students might have about the field. Seven faculty members in the four courses completed the faculty survey. All faculty reported that after participating in this project, an awareness of the issues that relate to the project with varied degrees from somewhat aware to very much aware. All but one faculty member agreed that after participating in this project, they felt more comfortable teaching the CIA model and defense in depth. All faculty members agreed that they would like to teach more about computer security. Overall, the results indicate that this project has been a major success. Although funded for only local institutionalization, the project was successfully implemented nationwide. Students reported increased knowledge, awareness, and progress related to computer security. They also reported an exceptional level of interest in both learning more about computer security and careers in security fields. Similarly, faculty reported both an awareness and comfort with computer security topics from participating in this project. All components of the project were rated important to faculty in order to facilitate incorporation of security topics. All faculty were interested in teaching more about security and most faculty were interested in security related research and networking with others on security related topics. This project has demonstrated that non-security faculty can successfully incorporate the SecKnitKit in non-security focused courses.
