More Web Proxy on the site http://driver.im/

article

Free access

Increasing students security awareness: article II. What C.S. graduates don`t learn about security concepts and ethical standards

Author:

Janet M. CookAuthors Info & Claims

ACM SIGCSE Bulletin, Volume 18, Issue 1

Pages 89 - 96

https://doi.org/10.1145/953055.5650

Published: 01 February 1986 Publication History

Abstract

Students think that security is crime prevention, someone else's business. In fact, security is error prevention and is everybody's business.

At government and industrial conferences employers complain that C.S. and C.I.S. graduates

1) don't see security as a significant factor in getting their jobs done, and

2) don't have a clear conception of what constitutes ethical professional behavior.

This article, demonstrates ways to integrate into existing courses activities that promote students' awareness of professional responsibilities to protect the integrity of the systems and data they work with, and of accepted professional ethical standards.

References

[1]

DPMA survey conducted by Detmar S~raub of Indiana University, Bloomington, Ind., as reported in "Crime s srvey indicts ' insiders ' ", by John Desmond, Computerworld, June i0, 1985, p.2.

[2]

Courtney, Robert H. Jr., 'Computer Security: The Menace Is Human Error', The Office, March 1984, pp 119-20. Quoted in Computers & Security, Vol. 3, Nr. 3, p. 240.

[3]

The Department of Defense, ~s~ STD-001-83, 15 August 1983, defines "a uniform set of basic requirements and evaluation classes for assessing the effectiveness of security controls built into Automatic Data Processing (ADP) systems.for use in the evaluation and selection of ADP systems being considered for the processing and/or storage and retrieval of sensitive or calssified information by the Dapartment of Defense." (Foreward, p. i) This "Orange Book" of criteria is urged upon all contractors wishing to do business with the Department of Defense. "Point of contact concerning this publication is the Office of Standards and Products, Attention: Chief, Computer Security Standards."

[4]

Remark made by Howard M. Anderson, Managing Director, The Yankee Group, talking on "Resolving the Conflict: User Friendliness vs. Effective Security" at the CSI 12th Annual Computer Security Conference, Nov. 1985, Chicago.

[5]

If you are using a text which does stress problem prevention as an integral part of problem solving in some course, please write and tell me about it, and tell me your over-all opinion of the effectiveness of the book. I'll add the book to the text book list I am compiling.

[6]

Parker, bonn B., and Nycum, Susan H., 'Computer Crime', ~Q_m~uD~~Ds_~f J~b@_~CM, April 1984, V. 27 Nr. 4, p.314.

Digital Library

[7]

Cited also by William H. Murray of IBM at the CSI 12th Annual Computer Security Conference, Chicago, Ill., during the panel discussion on Nov. 6, 1985. Courtney has been citing this study in talks since 1975, at least.

[8]

For more examples, see Cook~ Janet M.,' INCREASING STUDENTS ' SECURITY AWARENESS: ARTICLE I, Teaching Integrity Features: Using Data Verification to Illustrate the use of Subprocedures in Elementary Programming Classes', ~I~ES~ ~oc~~DEs, Mar ch, 1985.

[9]

Rubinstein, Richard & Hersh, Harry, The Human Factor, Digital Press, 1984, pp. 142-3.

[10]

Ibid., pp. 131-152.

[11]

Martin, James, Security, Acuracy, Hall, inc., 1973, p. 25.

[12]

Glass, Robert L., Software solliE~es, Computing Trends, Seattle, 1981, Chapter IV. I, pp. 54-64. The chapter, entitled Persistent Software Errors, is cited as having been published previously in IEEE Transactions of Software Engineering, but no date is given.

[13]

An example given by Robert H. Courtney, Jr., of RCI, during his address on "Changing Perceptions of the Relative Importance of Security and Control" at the CSI 12 Annual Computer Security Conference, Chicago, Nov. 4, 1985.

[14]

Newsweek, 'Teaching Hackers Ethics ' Jan 14 1985 Education section.

[15]

Attacks are simple since an attacker has only a handful of people to psych out. The challange in protecting a system is to anticipate anything ANYONE might try. This is hard to simulate in a class where students know each other. By assigning 4-5 person teams to block each other ' s attacks, however,c lose f r lends can be put on different teams.

[16]

Anderson, Howard M., loc. cit.

[17]

Shelly, Gary B., and Cashman, Thomas J., Introduction to Computers and Data Processing, Anaheim Publishing Company, 1980, transparency master of Figure 13-2, T155.

Digital Library

[18]

Parker, Donn B., Ethical Conflicts in Computer Sciences and Technology, AFIPS Press. Several sectionsare reproduced in Fighting Computer Crime, by Donn B. Parker, Charles Scribner's Sons, 1983, Part Four: Ethical Conflicts in Computing, pp. 191-226.

[19]

Johnson, Douglas W., Computer Ethics, a Guide for the New Age, The Brethren Press, Elgin, IL., 1984, is a more general reference.

Digital Library

[20]

For the ACM Code of Professional Conduct, see Parker, loc. tit. : E~bi~l ~ch~ ol~s~, pp. 159 - 62, o r Communications of the ACM, Vol. 11, No. 2, Feb. 1968. For the DPMA Code of Ethics, see any DPMA membership certificate or write to Data Process ing Management Association, 505 Busse Highway, Park Ridge, IL, 60068.

Cited By

Brown NXie BSarder EFiesler CWiese E(2023)Teaching Ethics in Computing: A Systematic Literature Review of ACM Computer Science Education PublicationsACM Transactions on Computing Education10.1145/363468524:1(1-36)Online publication date: 27-Nov-2023
https://dl.acm.org/doi/10.1145/3634685
Gan LKoh H(2006)An empirical study of software piracy among tertiary institutions in SingaporeInformation and Management10.1016/j.im.2006.03.00543:5(640-649)Online publication date: 1-Jul-2006
https://dl.acm.org/doi/10.1016/j.im.2006.03.005
Adve VLam VEnsink B(2001)Language and Compiler Support for Adaptive Distributed ApplicationsACM SIGPLAN Notices10.1145/384196.38422936:8(238-246)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384229
Show More Cited By

Index Terms

Increasing students security awareness: article II. What C.S. graduates don`t learn about security concepts and ethical standards

Recommendations

Increasing students security awareness: article II. What C.S. graduates don`t learn about security concepts and ethical standards
SIGCSE '86: Proceedings of the seventeenth SIGCSE technical symposium on Computer science education
Students think that security is crime prevention, someone else's business. In fact, security is error prevention and is everybody's business.

At government and industrial conferences employers complain that C.S. and C.I.S. graduates
- 1) don't see security ...
Learn FileMaker Pro 5.5 with Cdrom
Labeling-in Security

Using exams to create labels for our workforce might sound like a way to get more trustworthy systems, but it's not. If it walks like a duck, quacks like a duck, and looks like a duck, then there's good reason to believe that it's a duck. But you don't ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGCSE Bulletin

ACM SIGCSE Bulletin Volume 18, Issue 1

Proceedings of the 17th SIGCSE symposium on Computer science education

February 1986

304 pages

ISSN:0097-8418

DOI:10.1145/953055

Issue’s Table of Contents

SIGCSE '86: Proceedings of the seventeenth SIGCSE technical symposium on Computer science education
February 1986
336 pages
ISBN:0897911784
DOI:10.1145/5600
Editors:
Joyce Currie Little
Towson State Univ., Baltimore, MD
,
Lillian N. Cassel
Univ. of Delaware, Newark

Copyright © 1986 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 February 1986

Published in SIGCSE Volume 18, Issue 1

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
612
Total Downloads

Downloads (Last 12 months)67
Downloads (Last 6 weeks)6

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Brown NXie BSarder EFiesler CWiese E(2023)Teaching Ethics in Computing: A Systematic Literature Review of ACM Computer Science Education PublicationsACM Transactions on Computing Education10.1145/363468524:1(1-36)Online publication date: 27-Nov-2023
https://dl.acm.org/doi/10.1145/3634685
Gan LKoh H(2006)An empirical study of software piracy among tertiary institutions in SingaporeInformation and Management10.1016/j.im.2006.03.00543:5(640-649)Online publication date: 1-Jul-2006
https://dl.acm.org/doi/10.1016/j.im.2006.03.005
Adve VLam VEnsink B(2001)Language and Compiler Support for Adaptive Distributed ApplicationsACM SIGPLAN Notices10.1145/384196.38422936:8(238-246)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384229
Brunsch DO'Ryan CSchmidt D(2001)Designing an Efficient and Scalable Server-side Asynchrony Model for CORBAACM SIGPLAN Notices10.1145/384196.38422736:8(223-229)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384227
Larus JParkes M(2001)Using Cohort Scheduling to Enhance Server Performance (Extended Abstract)ACM SIGPLAN Notices10.1145/384196.38422236:8(182-187)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384222
Keßler CBednarski A(2001)A Dynamic Programming Approach to Optimal Integrated Code GenerationACM SIGPLAN Notices10.1145/384196.38421936:8(165-174)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384219
Wagner JLeupers R(2001)C Compiler Design for an Industrial Network ProcessorACM SIGPLAN Notices10.1145/384196.38421836:8(155-164)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384218
Granston EStotzer EZbiciak J(2001)Software Pipelining Irregular Loops On the TMS320C6000 VLIW DSP ArchitectureACM SIGPLAN Notices10.1145/384196.38421636:8(138-144)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384216
Lee SErmedahl AMin SChang N(2001)An Accurate Instruction-Level Energy Consumption Model for Embedded RISC ProcessorsACM SIGPLAN Notices10.1145/384196.38420136:8(1-10)Online publication date: 1-Aug-2001
https://dl.acm.org/doi/10.1145/384196.384201
Fekete ALynch NShvartsman A(2001)Specifying and using a partitionable group communication serviceACM Transactions on Computer Systems10.1145/377769.37777619:2(171-216)Online publication date: 1-May-2001
https://dl.acm.org/doi/10.1145/377769.377776
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents