Security across the curriculum and beyond

Society's dependency on information technology has drastically outpaced educational curricula and the opportunities that universities and higher education institutes provide to students from both technical (e.g., computer engineering, computer science) and non-technical majors. To increase the opportunities for all students to learn how protect themselves as individuals and others as professionals from numerous cyber threats the focus of this work is to identify gaps in engineering curricula and present novel approaches to fulfill the growing and diverse needs of cyber security education. The overall objective of this paper is to make security education accessible, relevant, and tangible across educational curricula, as well as to provide the framework to extend these efforts beyond university classrooms and into community colleges and high schools. While the predominant focus, research, and innovative practices in the area of cyber security have focused on technical students at the university level, this work instead concentrates on the demographic of students that desire to learn about cyber security without having to major in computer engineering, for example. In this paper we present a three-tiered framework that provides breadth and depth to security education across multiple education levels. This all-encompassing framework for security education includes providing (1) formal literacy-based training for students of all backgrounds, (2) inquiry-based learning through security- and technically-focused student groups and activities, and (3) classical technical·based initiatives. For each of these respective areas, previous research and efforts are discussed as well as the innovative practices that we have developed to address identified educational gaps.