One of our student workers at the RIT Information Security Office shared this security awareness video from YouTube.
What do you think of it?
Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.
It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!
In my Cyber Self Defense course at the Rochester Institute of Technology, I teach a module on Developing a Security Mindset. Based on a class exercise by Tadayoshi Kohno at the University of Washington (mentioned in a blog posting by Bruce Schneier), the goal of the module is to reorient students’ thinking from the features of a product and how those features are supposed to be used to thinking about how someone might “hack” the product. In other words, develop a security mindset.
I ask the students to determine product assets and vulnerabilities and identify how someone might attack the product. The students are told that they do not have resources to counter every possible threat.
I also have the students create a risk map that depicts the likelihood of a particular attack and the potential impact of that attack. Placing specific threats on a risk map helps students understand that since not all threats bear the same weight they need to choose what is most important to defend against.
The twist to the exercise is that students may not conduct an analysis of a computer-related product. For example, subjects presented by my students this quarter included Water Purification, Bicycle Safety, Running a Pizza Business, etc. As the students presented, we discussed their risk maps and the choices they made.
Although we may not agree with the students’ risk map, the exercise stretches IT students to think “outside the box.”