Title: Incorporating hacking projects in computer and information security education: an empirical study
Author: Eman Alashwali
Address: Information Security Research Group, Faculty of Computing and IT, Information Systems Department, King Abdulaziz University, Saudi Arabia
Journal: Int. J. of Electronic Security and Digital Forensics, 2014 Vol.6, No.3, pp.185 - 203
Abstract: Incorporating hacking projects in information security education is controversial. However, several studies discussed the benefits of including offensive exercises (e.g., hacking) in information security courses. In this paper, we present our experiment in incorporating hacking projects in the laboratory exercises for an undergraduate-level Computer and Information Security (CIS) course at King Abdulaziz University (KAU), Saudi Arabia. We conducted a survey to measure the effectiveness of incorporating hacking projects from the students' perspective. We also questioned the ethical aspects of these projects. The results strongly suggest that hacking projects have helped the students better understanding computer and information security principles. Furthermore, the majority of the students stated that they do not intend to misuse the learned skills, mainly for religious and ethical reasons. We also present the precautions that we took to avoid legal or ethical consequences that may be connected with these activities.
Keywords: offensive; defensive; cyberattacks; attacks; awareness; ethics; religion; women in engineering; Saudi Arabia; hacking projects; computer education; information security education; female engineers; higher education.
Available online 20 Aug 2014