Placing computer security at the heart of learning

In this paper we present the approach adopted at the UK’s Open University for teaching computer security to large numbers of students at a distance through supported open learning. We discuss how the production of learning materials at the university has had to change to reflect the ever-increasing rate of technological, legislative and social change within the computing discipline, and how the university has had to rethink the role of the academic in th ec ourse development process. We argue that computer security is best taught starting at th ee arliest level of undergraduate teaching and continuing through in-depth postgraduate study. We discuss our approach which combines the traditional technical aspects of security with discussions on the professional and ethical issues surrounding security and privacy. This approach presents computer security and privacy in the light of relevant legislative and regulatory regimes, thus the students have a firm grounding in the relevant national and international laws. We discuss the importance of international standards for information security risk assessment and management and as well as the relevance of forensic computing to a computer security curriculum. We conclude with an examination of our course development methodology and argue for a practitioner-led approach to teaching.