
Boundaries And Flows: A Strategy For Introducing Information Security To Undergraduates



2008 Annual Conference & Exposition


Pittsburgh, Pennsylvania

Publication Date

June 22, 2008

Start Date

June 22, 2008

End Date

June 25, 2008



Conference Session

Information and Network Security

Tagged Division

Information Systems

Page Numbers

13.255.1 - 13.255.10




Paper Authors


Richard Smith U. of St. Thomas - St. Paul


Assistant Professor at the University of St. Thomas and author of two books on information security.


NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Boundaries and Flows: A Strategy for Introducing Information Security to Undergraduates


Outside of 2-year technical colleges, most postsecondary students aren’t offered coursework in information security until they have fulfilled upper division prerequisites in mathematics, software systems, and networking. This is because many textbooks present information security in terms of those other topics. We are experimenting with a different approach: a lower division undergraduate course that introduces students to the concepts of boundaries and information flows. Professional security engineers often analyze problems in terms of these basic concepts. The course introduces security concepts by starting with security issues of small-scale perimeters, and incrementally expands the scope by looking in turn at shared single computers, local area networks, and the Internet.

1. Introduction

When the Computer and Information Sciences Department at the University of St. Thomas began to develop an information security program, two objectives emerged. A natural objective was for the program to draw new students into the department. A second goal was to provide an introductory security course that was accessible to as many students as possible. Ideally, this would be a lower division course available to sophomores and even qualified freshmen. The prerequisites would be limited to one introductory programming course and a college math course: this would provide a pool of students typically pursuing engineering and the sciences.

A lower division course like this, however, does not match the typical pattern for a computer security course. In most four-year institutions, information security coursework begins with an upper division course whose prerequisites include networking, operating systems and, in some cases, advanced math courses. This was not the introductory course we wanted to teach.

We decided to plan a course with the following properties:

• Prerequisites limited to introductory programming and a college math course
• Course work would promote higher order thinking skills according to Bloom’s taxonomy of cognitive learning levels [4].
• Content would teach students practical information security skills: skills that would help students analyze real-world security situations

In our search for support of this alternate course model, we examined numerous textbooks. At the high end are books like Bishop [1] that focus on a mathematical treatment of the subject. Other texts, like Whitman and Mattord [11], do not require the mathematical background, but do not teach analytical techniques. Instead, they present lists of technologies and processes, which often yield courses based more on rote memorization or simple applications of predefined solutions to recognized problems. This does not prepare students to analyze real-world problems, which evolve continuously in the face of escalating security threats.

Smith, R. (2008, June), Boundaries And Flows: A Strategy For Introducing Information Security To Undergraduates. Paper presented at 2008 Annual Conference & Exposition, Pittsburgh, Pennsylvania. 10.18260/1-2--3116

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2008 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015