E-learning of ethics, awareness, hacking and research by information security majors
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review
|Title of host publication||Proceedings of SEFI Annual Conferences|
|Publisher||European Society for Engineering Education SEFI|
|Number of pages||8|
|Publication status||Published - 29 Jun 2015|
|Publication type||A4 Article in a conference publication|
|Event||Annual Conference of the European Society for Engineering Education - |
Duration: 1 Jan 1900 → …
|Conference||Annual Conference of the European Society for Engineering Education|
|Period||1/01/00 → …|
Some earlier courses were reorganized in 2013 to construct a syllabus for the information security major at Tampere University of Technology, a 30 ECTS credit unit package in the 300-cu master's degree. As their other subjects the students may have for instance communications or software engineering, or information management.
This paper describes how the compulsory courses introduce four important but not very technical engineering skills using mainly an e-learning approach. The reasons for such an approach is to save resources in the very beginning – because of the large number of students heading for other majors – and after that to offer flexibility in scheduling to serve the elective courses, as well as the studies of other disciplines – those that provide a need for security.
The four topic areas are ethics of individuals and organizations, personal awareness of security issues, hacking, i.e. offensive way of thinking, and The described introductory stage of exposing the students' minds to these matters does not forget innovativeness, but that remains more in the background before the students start working with cases and hands-on experiments later.
The description covers four separate courses, forming a prerequisite chain. The first and last one are lecture-based and it takes at least two years to pass them; 3–4 years is more normal. The academic units are not essential here. Instead, one of the main points is the repeated exposure to the various ways of thinking. In the following summary of the succession the numbers 1–4 refer to the courses, but they can be just thought of as time-separated occasions:
Ethics: 1. Laws 2. Laws 3. Ethical questions in one's own environment – technology-related ethical questions for individuals – ethical questions for organizations. 4. Interview a security professional, ethical point of view included.
Awareness: 1 & 2. Policies, guidelines and web-sites of security information. 3. Daily observations (own or from news) and actions regarding information security, 4. Campaigns etc.
Hacking: 1. By-pass authentication by changing the source code of a web page. 2. -- 3. Carry out and report an exercise found at one of listed sites, 4. Laboratory exercises in hacking.
Research: 1. Fill in a questionnaire resembling the one from 3rd stage. 2. -- 3. A questionnaire to five acquaintances, completed by interviewing them; deal with the results. 4. Read research papers, interview a security professional trying to generalize together with peers.
The paper explains the rationale of these exposures and how they are delivered. It must be noted that not everything is compulsory for passing the courses. The paper reports observations concerning the student choices and feedback. The course #3 appears in its earlier form in . The current version was updated to be two times larger and more professionally oriented.
 Jukka A. Koskinen, Tomi O. Kelo: Pure e-learning course in information security. Proc. 2nd Int. Conf. on Security of Information and Networks, 2009. 8–13.