Placing computer security at the heart of learning

Abstract

In this paper we present the approach adopted at the UK's Open University for teaching computer security to large numbers of students at a distance through supported open learning. We discuss how the production of learning materials at the university has had to change to reflect the ever-increasing rate of technological, legislative and social change within the computing discipline, and how the university has had to rethink the role of the academic in the course development process. We argue that computer security is best taught starting at the earliest level of undergraduate teaching and continuing through in-depth postgraduate study. We discuss our approach which combines the traditional technical aspects of security with discussions on the professional and ethical issues surrounding security and privacy. This approach presents computer security and privacy in the light of relevant legislative and regulatory regimes, thus the students have a firm grounding in the relevant national and international laws. We discuss the importance of international standards for information security risk assessment and management and as well as the relevance of forensic computing to a computer security curriculum. We conclude with an examination of our course development methodology and argue for a practitioner-led approach to teaching. ©2008 National Instiute of Informatics.