Assignment 3
- Understanding buffer overflows -
A special case of the second difficult concept given in assignment 2,
low-level systems interactions.
-
Most of the confusion is likely to come from the security terminology.
Students tend not to understand precise definitions in the way they are
understood in mathematics (a precision that extends to much security
terminology and many security principles). Perhaps the most useful exercise
would be a quick primer on first-order propositional logic, though not as
formal as it would be in a math class. From there, true/false quizzes would
suffice to detect misunderstandings of definitions.
-
The field of security tends to encourage attitudes that can be detrimental.
Some examples are:
- Nothing is secure, so don't try.
- Insurance/contractual assurance is enough security (management).
- There are totally secure systems.
- Breaking into a system for "benevolent" purposes is legitimate.
- Open/closed source is inherently more/less secure.