Content area
Full text
ABSTRACT
Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security management. A process model of integrating a case library and Web 2.0 technologies to facilitate case-based learning is also presented in this paper. Insights and recommendations for implementing the process model are offered as well.
Keywords: Case study, Computer security, Security, Online tools, Online education, Online communities, Web 2.0
Information security is a serious worldwide concern of governments, industry, and academia (Wang et al, 2013). Due to the increased reliance of governmental, military, and financial functions on complex interconnected computer systems and networks, many universities are offering information security courses to both undergraduate and graduate students. ACM/IEEE has also published curriculum-related guidelines and recommendations (Computing Curricula, 2005) for accrediting five computing degree programs: computer engineering (CE), computer science (CS), information systems (IS), software, engineering (SE), and information technology (IT) and recommended all these five programs to include information
Due to the diversity of security topics, many novice instructors often have a hard time in teaching information security courses. The teaching of information security topics
1. INTRODUCTION
security as a new focus area because of the emergence of security as a major area of concern.
However, teaching information security courses is technically challenging. An information security course in IS program typically covers many perspectives including technology, policy, management, behavior, economy and legal perspectives. Each perspective further discusses many different security-related topics. For example, the technology perspective discusses the use of a series of security analysis and testing services and tools such as source code analysis tools, SQL injection testing tools and web service penetration testing tools.
and principles is not easy without ready access to adequate examples. Examples have often been recognized as important when teaching conceptual or complex materials. Oftentimes, a life situation is complex and requires students to address complicated issues involving a variety of variables and parameters. To better comprehend security principles, techniques and approaches, students need exposure to sufficient examples.
In order to effectively help...