Teaching information systems security courses: A hands-onapproach

It has become imperative for companies, governments, and organizations to understand how to guard against hackers, outsiders, and even disgruntled employees who threaten their information security, integrity and daily business operations. To address national needs for computer security education, many universities have incorporated computer and security courses into their undergraduate and graduate curricula. At the Miller College of Business, Department of Information Systems and Operations Management, Ball State University, we have introduced an information systems security option for students majoring in information systems. This paper describes our approach, our experiences and lessons learned for teaching security courses using a hands-on approach.

[1]  Matt Bishop Education in information security , 2000, IEEE Concurr..

[2]  Ann Blandford,et al.  Bridging the gap between organizational and user perspectives of security in the clinical domain , 2005, Int. J. Hum. Comput. Stud..

[3]  Barry M. Lunt,et al.  Integration of information assurance and security into the IT2005 model curriculum , 2005, SIGITE '05.

[4]  Harold Joseph Highland A college course in cryptography and computer security , 1982, SGSC.

[5]  Edward Amoroso,et al.  A graduate course in computing security technology , 1993, SIGCSE '93.

[6]  Jan H. P. Eloff,et al.  Information security architecture , 2005 .

[7]  B. Clinton,et al.  Executive Order 13010: Critical Infrastructure Protection , 1996 .

[8]  D. Frincke,et al.  Joining the Security Education Community , 2004, IEEE Secur. Priv..

[9]  John Leach,et al.  Improving user security behaviour , 2003, Comput. Secur..

[10]  E. Spafford One View of A Critical National Need: Support for Information Security Education and Research , 2007 .

[11]  Richard Spillman,et al.  A computer security course in the undergraduate computer science curriculum , 1992 .

[12]  Bill Neugent A university course in computer security , 1982, SGSC.

[13]  Cynthia E. Irvine,et al.  Teaching Introductory Computer Security at a Department of Defense University. , 1997 .

[14]  Herbert J. Mattord,et al.  A Draft Model Curriculum for Programs of Study in Information Security and Assurance , 2004 .

[15]  Edward M. Roche,et al.  Critical Foundations: Protecting America's Infrastructures , 1998 .

[16]  Matt Bishop,et al.  An Isolated Network for Research , 1996 .

[17]  Matt Bishop,et al.  Teaching Computer Security , 1993, SEC.

[18]  James L. Schaub,et al.  COMPUTER SECURITY EDUCATION , 1995 .

[19]  Ivan Horrocks Security Training: Education For an Emerging Profession? , 2001, Comput. Secur..

[20]  Houston H. Carr,et al.  Threats to Information Systems: Today's Reality, Yesterday's Understanding , 1992, MIS Q..

[21]  Corey D. Schou,et al.  A Model for Information Assurance : An Integrated Approach , 2001 .

[22]  William J. Caelli Trusted ...or... trustworthy: the search for a new paradigm for computer and network security , 2002, Comput. Secur..

[23]  Erland Jonsson,et al.  IT Security Research and Education in Synergy , 1999 .

[24]  Aviel D. Rubin An Experience Teaching a Graduate Course in Cryptography , 1997, Cryptologia.

[25]  Deborah A. Frincke,et al.  Integrating Security into the Curriculum , 1998, Computer.

[26]  Cynthia E. Irvine,et al.  Challenges in Computer Security Education , 1997 .

[27]  Rayford B. Vaughn,et al.  Application of security tot he computing science classroom , 2000, SIGCSE '00.