The Teaching Security Lessons: Threat Modeling, Authentication, Social Engineering

The "Teaching Security" lessons introduce the foundational ideas of cybersecurity through threat modeling and the human-centered nature of authentication.

https://teachingsecurity.org/

Our lessons are designed to meet the cybersecurity learning objectives in the AP® Computer Science Principles (CSP) framework, but they are flexible enough to be used in any high school computer science class or program. The lessons are prepared by subject-matter experts with research backgrounds in the technical workings and social implications of cybersecurity.

We focus on hands-on, inquiry-based activities that allow students to explore how cybersecurity works. The resource also includes discussion guides, slide decks, educational videos, and assignments, as well as background information for teachers. Many of the activities are unplugged.

We currently have three lessons:

• The Security Mindset: Cybersecurity through Threat Modeling introduces students to the basic concepts of cybersecurity and the security mindset through a series of threat modeling activities. Threat modeling provides an overarching framework that students continue engaging with in the other lessons.
• What Is Authentication and Why Do We Need It? breaks down the role of user identification and authentication in keeping systems secure.
• Social Engineering: The Oldest Hack gets students thinking about how both human nature and the structure of the Internet contribute to social engineering attacks.

If you're planning to attend SIGCSE in March, join us for our workshop, "Teaching Cybersecurity in CSP (or Any CS Class): Introducing the Security Mindset"!

Teaching Security is developed at the International Computer Science Institute and University of California, Berkeley. Supported by grant CNS‐1636590 from the National Science Foundation (content does not necessarily reflect the views of the NSF).