Title: Incorporating hacking projects in computer and information security education: an empirical study

 

Author: Eman Alashwali

 

Address: Information Security Research Group, Faculty of Computing and IT, Information Systems Department, King Abdulaziz University, Saudi Arabia

 

Journal: Int. J. of Electronic Security and Digital Forensics, 2014 Vol.6, No.3, pp.185 - 203

 

Abstract: Incorporating hacking projects in information security education is controversial. However, several studies discussed the benefits of including offensive exercises (e.g., hacking) in information security courses. In this paper, we present our experiment in incorporating hacking projects in the laboratory exercises for an undergraduate-level Computer and Information Security (CIS) course at King Abdulaziz University (KAU), Saudi Arabia. We conducted a survey to measure the effectiveness of incorporating hacking projects from the students' perspective. We also questioned the ethical aspects of these projects. The results strongly suggest that hacking projects have helped the students better understanding computer and information security principles. Furthermore, the majority of the students stated that they do not intend to misuse the learned skills, mainly for religious and ethical reasons. We also present the precautions that we took to avoid legal or ethical consequences that may be connected with these activities.

 

Keywords: offensive; defensive; cyberattacks; attacks; awareness; ethics; religion; women in engineering; Saudi Arabia; hacking projects; computer education; information security education; female engineers; higher education.

 

DOI: http://dx.doi.org/10.1504/IJESDF.2014.064406

 

Available online 20 Aug 2014

 

 

Editors Full Text AccessAccess for SubscribersPurchase this articleComment on this article