Teaching Information Security with Workflow Technology-A Case Study Approach

By He, Wu; Kshirsagar, Ashish et al. | Journal of Information Systems Education, Fall 2014 | Go to article overview

Teaching Information Security with Workflow Technology-A Case Study Approach


He, Wu, Kshirsagar, Ashish, Nwala, Alexander, Li, Yaohang, Journal of Information Systems Education


1. INTRODUCTION

Nowadays, information security is becoming more and more important to organizations across a variety of industries. In information security education, it has been observed that students learn best with hands-on real-life examples (Sharma and Sefchek, 2007). Teaching using case studies to simulate real-life scenarios has been considered an effective method that actively engages students. Researchers (He et al., 2013) point out that using a case study-based approach in information security courses can provide several key advantages, such as the ability to focus on the practical aspects of information security in the real world, the ability to ensure a high level of student involvement, and the ability to teach security concepts with a minimum requirement for equipment.

In recent years, many hands-on projects, including simulating virus and spyware mechanisms (Katz, 2006), breaking ciphers (Schweitzer and Baird, 2006), attacking/defending a system (Chen et al., 2011), detecting intrusion (Roschke et al., 2010), and analyzing penetration (Antunes and Vieira, 2012), have been developed and have been widely used in the information security education curriculum. However, most of these hands-on projects are relatively simple and can be carried out in isolated or virtualized lab environments, which usually do not fully reflect the complexity of real-life situations. Moreover, most of these projects require students to have strong technical skills in system/network administration and often involve heavy computer programming. These requirements might make the study of information system security difficult for students with less background in computer science.

In information security education practice, there is a great need for students to study more complicated cases that are more similar to real-life scenarios in order to better understand important security issues and techniques. Ideally, each case study should simulate a complex real-life scenario. These case studies should enable students to visualize concepts at a high level in order to facilitate analysis and discussion. Moreover, in order to engage students and to sustain students' interest in learning information security concepts, difficult technical details should be temporarily hidden, particularly until students with less computer science background can become familiar with these concepts.

In this paper, we describe a new approach of using workflow technology to enhance information security education (van der Aalst and van Hee, 2004) by simulating complex real-life scenarios within a laboratory setting. The use of workflow technology provides interactive graphical interfaces to build sophisticated information security cases without the need for low-level programming or command-line interactions and allows for collaboration among students with different educational backgrounds. Moreover, workflow technology enables seamless integration of distributed and local services to support the composition of complex case studies. Two case studies using the Kepler scientific workflow system (Ilkay et al., 2004) are presented in this paper to show how workflows for real-life scenarios can be created and enacted. The first case study simulates the scenario of an attack on a bank account and is based on a real security incident described in the Daily Record magazine (Mann, 2012). The second case study models the situation of a coordinated attack that compromises an online course management system. The workflows for both case studies were developed by students in Computer Science and were then used to support teaching in Information Technology (IT) security courses. Feedback from students regarding the use of workflow technology in teaching information security principles and techniques is also discussed and analyzed.

2. WORKFLOW TECHNOLOGY AND ITS APPLICATIONS IN EDUCATION

Workflow is originally an administrative concept used in business operation management; it describes a business process that delivers services from one participant agent to another. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Teaching Information Security with Workflow Technology-A Case Study Approach
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.