Faculty attitudes toward screening IA students for criminal backgrounds

Livermore, Jeffrey A.

doi:10.1145/1456625.1456631

Cited by 3 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Every course in IT security should include a discussion of legal and ethical implications and standards. Research by Livermore (2011) shows that 75% of the security faculty members agree that schools should include an ethics course in the information security curriculum. A similar number of faculty members acknowledge that ethics should be part of every course in the information security curriculum.…”

Section: Ethical Legal and Laibility Concernsmentioning

confidence: 99%

“…Students require a context-related justification for the need to be exposed to dangerous hacking techniques and tools, along with guidelines for ethical use of the tools. Institutions may even choose to dedicate an entire course to "ethical hacking" (Epstein, 2006;Livermore, 2011;Livermore, 2007;Logan & Clarkson, 2005). Furthermore students need to be educated on the negative effects of malicious actions, including awareness of the legal implications of attack activities conducted outside the isolated laboratory network environment.…”

Section: Ethical Legal and Laibility Concernsmentioning

confidence: 99%

See 1 more Smart Citation

Ethical Hacking in Information Security Curricula

Trabelsi

McCoey

2016

International Journal of Information and Communication Technology Education

View full text Add to dashboard Cite

Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on lab exercises which focus on attacking systems. The paper includes the ethical implications associated with including such labs. The discussion is informed by analyses of log data on student malicious activities, and student survey results. The examination of student behavior after acquiring these skills demonstrates that there is potentially a high risk of inappropriate and illegal behavior associated with this type learning. While acknowledging these risks and problems, the paper recommends that curricula should opt for a teaching approach that offers students both offensive and defensive hands-on lab exercises in conjunction with lecture material. The authors propose steps to minimize the risk of inappropriate behavior and reduce institutional liability.

show abstract

Section: Ethical Legal and Laibility Concernsmentioning

confidence: 99%

Section: Ethical Legal and Laibility Concernsmentioning

confidence: 99%

Ethical Hacking in Information Security Curricula

Trabelsi

McCoey

2016

International Journal of Information and Communication Technology Education

View full text Add to dashboard Cite

show abstract

Section: School Liabilitiesmentioning

confidence: 99%

Using network packet generators and snort rules for teaching denial of service attacks

Trabelsi

AlKetbi

2013

Proceedings of the 18th ACM Conference on Innovation and Technology in Computer Science Education

View full text Add to dashboard Cite

Teaching ethical hacking techniques is fundamental to security education and allows students to better understand the ways in which computer and network systems fail. This paper discusses the implementation of comprehensive offensive hands-on lab exercises about four common Denial of Service (DoS) attacks. Moreover, the paper discusses the implementation of a defense technique against the DoS attacks using Snort tool, as an intrusion detection system. The impact of offering the exercises on the student performance in terms of achieving the course outcomes is also discussed. Although a significant improvement in the student performance has been observed, a major ethical concern has been identified when teaching ethical hacking techniques. As a consequence, the paper lists a number of steps that should be taken by schools and educators to reduce the liability of teaching ethical hacking techniques in information security curriculum.

show abstract

“…7. Schools teaching offensive techniques should establish a process to screen students for criminal background, unstable behavior and malicious activities prior to admission to an information security program (Livermore, 2011). In addition, schools may require a written approval from the student's parents before conducting any screening for criminal background.…”

Section: University Email Servers (14%)mentioning

confidence: 99%

A Hands-on Approach for Teaching Denial of Service Attacks: A Case Study

Trabelsi¹,

Ibrahim²

2013

JITE:IIP

View full text Add to dashboard Cite

Executive SummaryNowadays, many academic institutions are including ethical hacking in their information security and Computer Science programs. Information security students need to experiment common ethical hacking techniques in order to be able to implement the appropriate security solutions. This will allow them to more efficiently protect the confidentiality, integrity, and availability of computer systems and assets.This paper presents a case study of the implementation of comprehensive ethical hacking handson lab exercises, which are fundamental to security education. The exercises are about three common Denial of Service (DoS) attacks, namely, the Land, the TCP (transmission control protocol) SYN (synchronization) flood, and the Teardrop attacks. DoS attacks are important topics for security courses teaching ethical hacking and intrusion detection techniques. The paper discusses also common defense techniques for detecting DoS attacks, including Intrusion Detection Systems (IDS) and Software tools. Snort tool is used as the IDS defense solution during the hands-on lab exercises. The learning objective of the hands-on lab exercises is for students to learn how to implement and detect the DoS attacks in an isolated network laboratory environment.Adding ethical hacking to an information security curriculum raises a variety of ethical and legal issues. Some students will use the acquired offensive hands-on skills in inappropriate and sometimes illegal ways. Hence, students may threaten their careers, hurt others, and put their institution's entire information security program at risk. Also, schools and educators may be held liable for the actions of their students. To contribute to improving the chances of having a successful and problem free information security programs that teach ethical hacking techniques, the paper lists a number of steps that should be taken by schools and educators to ensure that students are responsible for their actions and educate students on the consequences of any misconduct.The impact of offering the exercises on the students' performance in terms of achieving the course outcomes is also discussed. The course assessment results show that the offered hands-on lab exercises allowed students to better anatomize the attacks and assimilate the concepts learned from the lecture. The students have learned better with the exercises which had a positive effect on their performance.An anonymous questionnaire was administered to students who participated in the hands-on lab exercises to measure their satisfaction level and collect theirMaterial published as part of this publication, either on-line or in print, is copyrighted by the Informing Science Institute. Permission to make digital or paper copy of part or all of these works for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice in full and 2) give the full citation on the first page. It is permissible to abstract ...

show abstract

Faculty attitudes toward screening IA students for criminal backgrounds

Cited by 3 publications

References 8 publications

Ethical Hacking in Information Security Curricula

Ethical Hacking in Information Security Curricula

Using network packet generators and snort rules for teaching denial of service attacks

A Hands-on Approach for Teaching Denial of Service Attacks: A Case Study

Contact Info

Product

Resources

About