Developing a Security Mindset

  • 1

Developing a Security Mindset

Category:Higher Education,Information Security,Infosec Communicator,Risk,Uncategorized Tags : 

In my Cyber Self Defense course at the Rochester Institute of Technology, I teach a module on Developing a Security Mindset. Based on a class exercise by Tadayoshi Kohno at the University of Washington (mentioned in a blog posting by Bruce Schneier), the goal of the module is to reorient students’ thinking from the features of a product and how those features are supposed to be used to thinking about how someone might “hack” the product. In other words, develop a security mindset.

I ask the students to determine product assets and vulnerabilities and identify how someone might attack  the product. The students are told that they do not have resources to counter every possible threat.

I also have the students create a risk map that depicts the likelihood of a particular attack and the potential impact of that attack. Placing specific threats on a risk map helps students understand that since not all threats bear the same weight they need to choose what is most important to defend against.

The twist to the exercise is that students may not conduct an analysis of a computer-related product. For example, subjects presented by my students this quarter included Water Purification, Bicycle Safety, Running a Pizza Business, etc. As the students presented, we discussed their risk maps and the choices they made.

Group one risk map for a water purification plant

Although we may not agree with the students’ risk map, the exercise stretches IT students to think “outside the box.”

Enhanced by Zemanta

1 Comment


Warning: Trying to access array offset on value of type null in /home/theint16/public_html/wp-content/themes/enigma-premium-advance3-7-3/core/comment-function.php on line 11

Tweets that mention Developing a Security Mindset « Infosec Communicator — Topsy.com

October 27, 2010at 11:31 pm

[…] This post was mentioned on Twitter by RIT InfoSec/Ben, Education, STC Rochester, Lori Meyer, Ben Woelk and others. Ben Woelk said: Developing a Security Mindset: https://wp.me/pVsey-bM […]

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner