Full Text

ABSTRACT

Information security (InfoSec) education becomes increasingly important. Building hands-on capabilities to tackle challenges is a precondition to mitigate and eliminate cyber threats. Existing studies, however, show that the field lacks pedagogically founded information security laboratories that can be used flexibly to educate both on-campus and online learners. To address this issue, this paper reports on an online InfoSec laboratory. Development of the laboratory follows an action design research approach. For this purpose, initial design principles were used that are derived from the existing pedagogical theories such as Conversational Framework, Constructive Alignment, and Personalized System of Instruction, literature reviews and empirical data. Through iterative cycles of building, intervention, and evaluation of an InfoSec laboratory, and side-by-side critical reflections, this study refines the conceptual model of an online InfoSec laboratory and initial design principles and provides general guidelines on the process of establishing a pedagogically underpinned online InfoSec laboratory for hands-on exercises. This study contributes by serving two major purposes. First, this study proposes a conceptual model of an online InfoSec laboratory that comprises important entities: Laboratory Infrastructure, Exercise (document), Exercise Processing and Management Interface (EPI), and Concrete Exercise Interface. Secondly, the research proposes design principles for implementing a conceptual model of an online InfoSec laboratory in different educational contexts.

Keywords: Security, Online education, Online laboratory, Action design research, Personalized system of instruction (PSI)