ABSTRACT A small private university began to offer undergraduate and graduate courses in computer security during the academic year 2002-2003 within the schools of computer science and business. In the introductory computer security course, a "social engineering" team project was included as a required assignment. This article briefly summarizes the social engineering literature, describes the project assignment and learning objective, provides actual student sample deliverables, and presents results of a follow-up student survey on the experience. The lessons learned from this effort should prove useful to other universities and instructors contemplating similar coursework.
