the optional subjects are four-month courses and average to. 6 credits. Computer security is an optional 6-credit subject (4 theoretical and 2 practical), usually ...
A Proposal for a Computer Security Course Jon Ander Elorriaga, Julidn Guti6rrez, Jesfis Ibdfiez, Imanol Usandizaga Languages and Computer Systems Department University of the Basque Country / Euskal Herriko Unibertsitatea 649 Posta Kutxa E-20.080 Donostia, Basque Country {jibelarj, gutierrez} @si.ehu.es
Abstract Computer security is a relatively new subject in computer science curricula. We notice this in a moderate academic incidence or in an incomplete syllabus in most of the computer science teaching, The main goal of this article is to share the two years academic experience of the authors in this matter. The article makes a proposal for a first computer security subject. This proposal discusses theoretical and practical contents and the use of a different didactic methodology. Finally, the article refers to the positive results obtained on the students learning and acceptation of the contents taught and the used methodology, Marks and the results of a test made to the student population have confirmed this. 1. Introduction
approaches, because of its following special characteristics. • Enormous importance of computer security: increasing complexity of computer systems and their exposure to an inter-net worked world demand a conscious educational effort to provide a professional training including computer security concern and discipline. The number and capabilities of the potential attackers and subsequent risks also grow rapidly due to technical evolution (hardware, software and networking). • Computer security as an unsettled discipline: the aforementioned quick changes also imply a very short updating cycle in the field. Therefore, the need of flexibility in both the structure and contents of the course, especially in what concerns the practical experience of the students. • Growing professional impact: the more concern about security, the more professional incidence. All responsible organizations need well-trained personnel capable to incorporate security procedures, measures and prospects. For example, only one of three Spanish companies has fulltime personnel dedicated to security; therefore, the job opportunities are growing. • Moderate academic incidence: few academic centers around the world have a curriculum with sound security contents. In most of the Universities, they have security concerns, but it is mainly limited to cryptography and network/Interuet security. Other important concepts as physical security, security policies, formal security models or organization and maintenance of security plans and procedures are not included in the curriculum. • Optionality of the subject: the students who choose it are well motivated and it is possible to establish a commitment between student and teacher about many aspects of the subject's dynamics. Positive responses to the introduction of unusual activities or evaluation methods are more likely to occur in an optional subject. Our motivation is clear: to provide a complete
1.1 Context We have taught the computer security subject for two years in computer engineering studies at the University of the Basque Country. These studies consist of 330 credits (1 credit = 10 hours) organized in two cycles of 180 and 150 credits respectively. Among these, students must fulfill 225 through the 35 subjects that compose the obligatory part of the curriculum. Students must fulfill 57 credits chosen among its 46 optional subjects. Also, 33 are free-choice credits that the students can take from complementary curricula. Finally, students do a 15-credit final project. All the optional subjects are four-month courses and average to 6 credits. Computer security is an optional 6-credit subject (4 theoretical and 2 practical), usually taken in the third or fourth year. We deliver the course contents during 15 week:s, in three weekly lessons of 80 minutes (corresponding to 2 theoretical and 1 practical session). Due to the bilingual nature of our community, the University of the Basque Country teaches in the two official languages, Basque (called in the native language Euskera) and Spanish. Hence, there are two groups of students, one taught in each language. In this two-year experience, the size of the groups has been of 63 and 68 students in the Spanish group, and 15 and 44 in the Euskera group. Additionally, we divide each group into two practice subgroups so that the number of students does not exceed 36 people. During these exercise lessons, the students work in two- to four-person teams. Due to the increasing interest of the students, we expect the maximum size of the Spanish group to grow from 72 to 96 for next year, with three practice subgroups of 32 students. 1.2 Motivation We conceived the subject, using innovative teaching
SIGCSE Bulletin
i~7~77
