Cybersecurity should be taught top-down and case-driven

Document Type

Conference Proceeding

Publication Date



Department of Computer Science; Center for Cybersecurity


This paper aims to re-engineer cybersecurity education with an innovative top-down & case-driven (TDCD) teaching model by dissecting recent high-profile cybersecurity breaches. The traditional way of teaching cybersecurity is usually bottom-up where a list of security topics are taught separately in an isolated context, with little or no effort to link these topics together. The proposed TDCD model starts with real-world cyber breaches including the Target Corporation breach, the Anthem Inc. breach, and selected Distributed Denial of Service (DDoS) attacks. Students look into the details of these attacks and learn how these attacks took place from the beginning to the end. During the process of case analysis, a list of security topics reflecting different aspects of these breaches is introduced. Through guided in-class discussion, selected readings and hands-on lab assignments, student learning in lecture will be reinforced. Overall, the entire cybersecurity course is taught top-down and driven by real-world breach cases. The proposed TDCD model is ideal for teaching cybersecurity. First, the new model can easily draw students' attention and interest with real-world cases. Second, the new model can help instructors select important and timely cybersecurity topics from a wide range of options. Third, the new model can improve student learning outcomes, particularly help students gain a holistic view of security and learn socio-technical factors.

Publisher's Statement

© 2017 Association for Computing Machinery. Publisher's version of record: https://doi.org/10.1145/3125659.3125687

Publication Title

SIGITE '17 Proceedings of the 18th Annual Conference on Information Technology Education