Abstract
There is a tendency in information security education at universities to teach not only protection measures but also attack techniques. A growing number of universities offer hands-on labs where students can experience both the attackers’ and the administrators’ views. Getting to know the attackers’ view is thought to lead to a better understanding of information security and its problems than teaching only strategies for defense.
The paper analyzes the situation of information security education at German and international universities. We present a method to measure knowledge in information security and – using this method in an empirical study – evaluate the offensive teaching approach. Analysis of the empirical data gathered in the study shows a tendency in favor of the offensive approach compared to the classic defensive security education.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Mink, M., Greifeneder, R. (2010). Evaluation of the Offensive Approach in Information Security Education. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds) Security and Privacy – Silver Linings in the Cloud. SEC 2010. IFIP Advances in Information and Communication Technology, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15257-3_18
DOI: https://doi.org/10.1007/978-3-642-15257-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15256-6
Online ISBN: 978-3-642-15257-3
eBook Packages: Computer Science (R0)