Information Disclosure Incidents and Computing Education

We present an introduction to security incident encountered by academic institutions and follow up with our approach to user education by infusing information disclosure incidents in two courses laying at the extremes of the computer science curriculum: a General Education Introduction to Computing and an Advanced Topics Information Security course. The choice of the two courses is such that, while in the Intro to Computing course the students view the incidents from the user's point of view (and are either victims of larger incidents or the disclosers of their own information), in the Information Security course the students view it mainly as computing professionals asked to prepare against and handle such events. In each course, theoretical and hands-on activities were developed to increase both the students' awareness and the acquiring of skills enabling to recognize and defend against such incidents. Special activities included the development of a phishing education module, invited guests discussing information disclosure incidents, analysis of term of use contracts, and practical penetration testing tasks. In both courses, we note that the students' understanding of the topics increased, allowing them to prevent information disclosure incidents from occurring or to better handle the recovery aspect when they occur.