Abstract
Online learning for educating information security professionals has increased in popularity. The security curriculum and technology, as well as hands-on laboratory experiences implemented in information security labs, are important elements in an online education system for information security. We drew our motivation from an on-going information security lab development initiative in our own institution, and this paper aims to provide an integrated overview on reported instances of online hands-on education in information security. Our review contributes to the existing knowledge by using the anatomy of design theory framework as a basis for literature analysis, as this provides a common basis to examine theories about human-created information technology artifacts such as information security labs and how such knowledge has been communicated to academia. Our results show that none of the articles studied here puts forward a well-grounded and tested design theory for on-line information security laboratories. This hinders accumulation of knowledge in this area and makes it difficult for others to observe, test and adapt clear design principles for security laboratories and exercises.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Yurcik, W., Doss, D.: Different Approaches in the Teaching of Information Systems Security. In: Information Systems Education Conference, Cincinnati OH, USA, ISECON (2001)
Woodward, B.S., Young, T.: Redesigning an Information System Security Curriculum through Application of Traditional Pedagogy and Modern Business Trends. Information Systems Education Journal 5, 1–11 (2007)
Yngstrom, L., Bjorck, F.: The Value and Assessment of Information Security Education and Training. In: Proceedings of the IFIP TC11 WG 11.8 First World Conference on Information Security Education, Stockholm, Sweden, pp. 271–292 (1998)
Crowley, E.: Information System Security Curricula Development. In: Proceeding of the 4th Conference on Information Technology Curriculum on Information Technology Education, pp. 249–255 (2003)
van Niekerk, J.F., Thomson, K.-L.: Evaluating the Cisco Networking Academy Program’s Instructional Model against Bloom’s Taxonomy for the Purpose of Information Security Education for Organizational End-Users. In: Reynolds, N., Turcsányi-Szabó, M. (eds.) KCKS 2010. IFIP AICT, vol. 324, pp. 412–423. Springer, Heidelberg (2010)
Khan, B.H.: Web‐Based Instruction (WBI): An Introduction. Educational Media International 35, 63–71 (1998)
Kosak, L., Manning, D., Dobson, E., et al.: Prepared to Teach Online? Perspectives of Faculty in the University of North Carolina System. Online Journal of Distance Learning Administration 7, 1–13 (2004)
Hentea, M., Dhillon, H.S., Dhillon, M.: Towards Changes in Information Security Education. Journal of Information Technology Education 5, 221–233 (2006)
McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC 1999), Phoenix, Arizona, pp. 55–64 (1999)
Stewart, K.E., Humphries, J.W., Andel, T.R.: Developing a Virtualization Platform for Courses in Networking, Systems Administration and Cyber Security Education. In: Proceedings of the Spring Simulation Multi-Conference. Society for Computer Simulation International, San Diego (2009)
Gregor, S., Jones, D.: The Anatomy of a Design Theory. Journal of the Association for Information Systems 8, 312–335 (2007)
Hrastinski, S., Keller, C., Carlsson, S.A.: Design Exemplars for Synchronous e-Learning: A Design Theory Approach. Comput. Educ. 55, 652–662 (2010)
Crawford, E., Hu, Y.: A Multi-User Adaptive Security Application for Educational Hacking. In: Proceedings of the World Congress on Engineering and Computer Science, WCECS 2011, vol. I, San Francisco, USA, October 19-21 (2011)
Lahoud, H.A., Tang, X.: Information Security Labs in IDS/IPS for Distance Education. In: SIGITE 2006, Minneapolis, Minnesota, USA, October 19–21, pp. 47–52. ACM (2006)
Li, P., Toderick, L.W., Lunsford, P.J.: Experiencing Virtual Computing Lab in Information Technology Education. In: Proceedings of the 10th ACM Conference on SIG-Information Technology Education, SIGITE 2009, Fairfax, Virginia, USA, October 22–24, pp. 55–59. ACM (2009)
Choi, Y.B., Lim, S., Oh, T.H.: Feasibility of Virtual Security Laboratory for Three-Tiered Distance Education. In: Proceedings of the ACM Conference on Information Technology Education, pp. 53–58 (2010)
Burd, S.D., Gaillard, G., Rooney, E., et al.: Virtual Computing Laboratories using VMware Lab Manager. In: Proceedings of the 44th Hawaii International Conference on System Sciences, pp. 1–9. IEEE (2011)
Summers, W.C., Martin, C.: Using a Virtual Lab to Teach an Online Information Assurance Program. In: Proceedings of the 2nd Annual Conference on Information Security Curriculum Development, pp. 84–87. ACM, New York (2005)
Burd, S.D., Seazzu, A.F., Conway, C., et al.: Virtual Computing Laboratories: A Case Study with Comparisons to Physical Computing Laboratories. Journal of Information Technology Education 8, 24 (2009)
Gaspar, A., Langevin, S., Armitage, W., et al.: The Role of Virtualization in Computing Education. In: Proceedings of the 39th SIGCSE Technical Symposium on Computer Science Education, pp. 131–132. ACM, New York (2008)
Li, C.: Blur the Boundary between the Virtual and the Real. Journal of Computing Sciences in Colleges 24, 39–45 (2009)
Krishna, K., Sun, W., Rana, P., et al.: V-NetLab: A Cost-Effective Platform to Support Course Projects in Computer Security. In: Proceedings of the 9th Annual Colloquium for Information Systems Security Education (CISSE 2005), Atlanta, GA, June 6-9 (2005)
Chen, F.-G., Chen, R.-M., Chen, J. -S.: A Portable Virtual Laboratory for Information Security Courses. In: Lin, S., Huang, X. (eds.) CSEE 2011, Part V. CCIS, vol. 218, pp. 245–250. Springer, Heidelberg (2011)
Wang, X., Hembroff, G.C., Yedica, R.: Using VMware VCenter Lab Manager in Undergraduate Education for System Administration and Network Security. In: Proceedings of the 2010 ACM Conference on Information Technology Education, pp. 43–52 (2010)
Aboutabl, M.S.: The Cyberdefense Laboratory: A Framework for Information Security Education. In: Proceedings of the 2006 IEEE Workshop on Information Assurance United States Military Academy, West Point, NY, pp. 55–60 (2006)
Jones, D., Gregor, S.: An Information Systems Design Theory for e-Learning. In: Proceedings, Australasian Conference on Information Systems: 15th Annual ACIS Conference, pp. 51–61. University of Tasmania, Hobart, Tasmania (2004)
Walls, J.G., Widmeyer, G.R., El Sawy, O.A.: Building an Information System Design Theory for Vigilant EIS. Information Systems Research 3, 36–59 (1992)
Friedman, R.S., Deek, F.P.: Innovation and Education in the Digital Age: Reconciling the Roles of Pedagogy, Technology, and the Business of Learning. IEEE Transactions on Engineering Management 50(4), 403–412 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Iqbal, S., Päivärinta, T. (2012). Towards a Design Theory for Educational On-line Information Security Laboratories. In: Popescu, E., Li, Q., Klamma, R., Leung, H., Specht, M. (eds) Advances in Web-Based Learning - ICWL 2012. ICWL 2012. Lecture Notes in Computer Science, vol 7558. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33642-3_32
Download citation
DOI: https://doi.org/10.1007/978-3-642-33642-3_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33641-6
Online ISBN: 978-3-642-33642-3
eBook Packages: Computer ScienceComputer Science (R0)