What is Security Literacy:
The primary method for educating students and the general public about cyber security has been through limited awareness campaigns and the construction of top-ten security lists. These approaches are neither effective nor sufficient as it is poor pedagogical practice to believe that students – or anyone for that matter – can remember, understand, and apply knowledge when the educator provides them with nothing more than an inherently incomplete top-ten bullet point list of security tasks to perform which have no context related to their daily lives.
We believe that formal computer security education is the key to combating the threats intrinsic to the Information Age. Each day, people are inundated with alerts and pop-ups informing them about patch updates, antivirus signatures, firewall exceptions, suspicious emails, and malware threats but lack the proper education or vocabulary to make value-based decisions regarding the benefits and consequences of taking specific action on these items. What a formal pedagogical approach to practical computer security education provides is the context and knowledge for students to apply computer security best practices when faced with a novel situation and the ability to be proactive, not reactive, in the face of new threats. It is argued that computer security literacy is not only the next logical step in computer security defense; it is the most important step that, we, as individuals can take. Through this website and project we want to encourage security educators and professionals to reach out to their respective community and promote security literacy.