What is Security Literacy?
The primary method for educating students and the general public about cyber security has been through limited awareness campaigns and the construction of top-ten security lists. These approaches are neither effective nor sufficient. It is poor pedagogical practice to believe that students – or anyone for that matter – can remember, understand, and apply knowledge when the educator provides them with nothing more than an inherently incomplete top-ten bullet-point list of security tasks to perform, with no context related to their daily lives.
We believe that formal computer security education is the key to combating the threats intrinsic to the Information Age. Each day, people are inundated with alerts and pop-ups informing them about patch updates, antivirus signatures, firewall exceptions, suspicious emails, and malware threats. These notifications fail to use the proper vocabulary or fail to educate the user on how to make value-based decisions regarding the benefits and consequences of taking specific action on these items. What a formal pedagogical approach to practical computer security education provides is the context and knowledge for students to apply computer security best practices when faced with a novel situation and the ability to be proactive, not reactive, in the face of new threats.
It is argued that computer security literacy is not the next logical step in computer security defense, but it is the most important step that we, as individuals, can take. Through this website and project, we want to encourage security educators and professionals to reach out to their respective communities and promote security literacy.
Computer Security Literacy: Staying Safe in a Digital World by Douglas Jacobson & Joseph Idziorek