Academic journal article Journal of Information Systems Education

Teaching Information Security with Workflow Technology-A Case Study Approach

Article excerpt


Nowadays, information security is becoming more and more important to organizations across a variety of industries. In information security education, it has been observed that students learn best with hands-on real-life examples (Sharma and Sefchek, 2007). Teaching using case studies to simulate real-life scenarios has been considered an effective method that actively engages students. Researchers (He et al., 2013) point out that using a case study-based approach in information security courses can provide several key advantages, such as the ability to focus on the practical aspects of information security in the real world, the ability to ensure a high level of student involvement, and the ability to teach security concepts with a minimum requirement for equipment.

In recent years, many hands-on projects, including simulating virus and spyware mechanisms (Katz, 2006), breaking ciphers (Schweitzer and Baird, 2006), attacking/defending a system (Chen et al., 2011), detecting intrusion (Roschke et al., 2010), and analyzing penetration (Antunes and Vieira, 2012), have been developed and have been widely used in the information security education curriculum. However, most of these hands-on projects are relatively simple and can be carried out in isolated or virtualized lab environments, which usually do not fully reflect the complexity of real-life situations. Moreover, most of these projects require students to have strong technical skills in system/network administration and often involve heavy computer programming. These requirements might make the study of information system security difficult for students with less background in computer science.

In information security education practice, there is a great need for students to study more complicated cases that are more similar to real-life scenarios in order to better understand important security issues and techniques. Ideally, each case study should simulate a complex real-life scenario. These case studies should enable students to visualize concepts at a high level in order to facilitate analysis and discussion. Moreover, in order to engage students and to sustain students' interest in learning information security concepts, difficult technical details should be temporarily hidden, particularly until students with less computer science background can become familiar with these concepts.

In this paper, we describe a new approach that uses workflow technology (van der Aalst and van Hee, 2004) to enhance information security education by simulating complex real-life scenarios within a laboratory setting. Workflow technology provides interactive graphical interfaces for building sophisticated information security cases without the need for low-level programming or command-line interactions, and it allows for collaboration among students with different educational backgrounds. Moreover, workflow technology enables seamless integration of distributed and local services to support the composition of complex case studies. Two case studies using the Kepler scientific workflow system (Ilkay et al., 2004) are presented in this paper to show how workflows for real-life scenarios can be created and enacted. The first case study simulates the scenario of an attack on a bank account and is based on a real security incident described in the Daily Record magazine (Mann, 2012). The second case study models the situation of a coordinated attack that compromises an online course management system. The workflows for both case studies were developed by students in Computer Science and were then used to support teaching in Information Technology (IT) security courses. Feedback from students regarding the use of workflow technology in teaching information security principles and techniques is also discussed and analyzed.


Workflow is originally an administrative concept used in business operation management; it describes a business process that delivers services from one participant agent to another. …
