Title: Incorporating hacking projects in computer and information security education: an empirical study

Authors: Eman Alashwali

Addresses: Information Security Research Group, Faculty of Computing and IT, Information Systems Department, King Abdulaziz University, Saudi Arabia

Abstract: Incorporating hacking projects in information security education is controversial. However, several studies discussed the benefits of including offensive exercises (e.g., hacking) in information security courses. In this paper, we present our experiment in incorporating hacking projects in the laboratory exercises for an undergraduate-level Computer and Information Security (CIS) course at King Abdulaziz University (KAU), Saudi Arabia. We conducted a survey to measure the effectiveness of incorporating hacking projects from the students' perspective. We also questioned the ethical aspects of these projects. The results strongly suggest that hacking projects have helped the students better understanding computer and information security principles. Furthermore, the majority of the students stated that they do not intend to misuse the learned skills, mainly for religious and ethical reasons. We also present the precautions that we took to avoid legal or ethical consequences that may be connected with these activities.

Keywords: offensive; defensive; cyberattacks; attacks; awareness; ethics; religion; women in engineering; Saudi Arabia; hacking projects; computer education; information security education; female engineers; higher education.

DOI: 10.1504/IJESDF.2014.064406

International Journal of Electronic Security and Digital Forensics, 2014 Vol.6 No.3, pp.185 - 203

Received: 01 Mar 2014
Accepted: 30 Apr 2014

Published online: 30 Aug 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article