This short paper addresses the critical issue of teaching computer security in college and university settings. It addresses the issue from the perspective of a very small college, with only six faculty members, and both an applied computer science program and an information technology program, serving about 120 students. It describes, in some detail, courses on system administration and computer security.

The description of the system administration course presents overviews of a transition from Windows to Linux, and lays out the course’s 16-week teaching schedule. This course is a hands-on lab course on securing Linux, and uses Maximum Linux security [1] as its text.

The computer security course is a mixed lecture and laboratory course, and the authors describe its evolution from the first to the second type of offering. Assignments are covered in substantial detail, including the effectiveness of various assignments and student feedback.

More than anything else, this paper is an exercise in lessons learned in trying to introduce computer security into a small college setting, with limited staff capability. The authors’ effort is commendable, but falls far short of what is really needed. They indicate that they integrated some security topics into existing courses, but I was disappointed that they did not describe these topics, or how they arrived at the decision to include certain materials in the existing classes, and allocate others to new classes.

This paper is a must-read for teachers at small colleges, and useful for anyone with an interest in teaching computer security. Teachers working in robust programs will be disappointed, but the beginners will appreciate the effort.