Title: Incorporating hacking projects in computer and information security education: an empirical study
Authors: Eman Alashwali
Addresses: Information Security Research Group, Faculty of Computing and IT, Information Systems Department, King Abdulaziz University, Saudi Arabia
Abstract: Incorporating hacking projects in information security education is controversial. However, several studies discussed the benefits of including offensive exercises (e.g., hacking) in information security courses. In this paper, we present our experiment in incorporating hacking projects in the laboratory exercises for an undergraduate-level Computer and Information Security (CIS) course at King Abdulaziz University (KAU), Saudi Arabia. We conducted a survey to measure the effectiveness of incorporating hacking projects from the students' perspective. We also questioned the ethical aspects of these projects. The results strongly suggest that hacking projects have helped the students better understanding computer and information security principles. Furthermore, the majority of the students stated that they do not intend to misuse the learned skills, mainly for religious and ethical reasons. We also present the precautions that we took to avoid legal or ethical consequences that may be connected with these activities.
Keywords: offensive; defensive; cyberattacks; attacks; awareness; ethics; religion; women in engineering; Saudi Arabia; hacking projects; computer education; information security education; female engineers; higher education.
DOI: 10.1504/IJESDF.2014.064406
International Journal of Electronic Security and Digital Forensics, 2014 Vol.6 No.3, pp.185 - 203
Received: 01 Mar 2014
Accepted: 30 Apr 2014
Published online: 30 Aug 2014 *