Computer Security presents a challenge for educators in Computer Science and related fields. Although the need is clear, room for addressing security concerns is often lacking in computing curricula, and appropriate materials may be hard to find.
One approach to computer security education is the addition of new courses to the existing undergraduate course profile. Although relatively straightforward, this model has two significant drawbacks:
- Lack of time: Computing undergraduates are faced with a dizzying array of courses and requirements. New courses will add further constraints to majors that may already be seen as being overly restrictive.
- Lack of context: In relegating computer security to a stand-alone course, educators run the risk of implying that security is somehow an activity unto itself, as opposed to a concern that transcends many other computing topics.
Security injections address both of these concerns by building security in to existing courses, throughout the undergraduate computing curricula. As self-contained lab-based modules that challenge students to reflect upon security issues, these injections can be adapted for and adopted in courses ranging from introductory computer science to databases, networks, and web development.
Evaluation studies with these techniques indicates that injections can help increase awareness of computer security concerns.