Evaluation of the Offensive Approach in Information Security Education
نویسندگان
چکیده
There is a tendency in information security education at universities to not only teach protection measures but also attack techniques. Increasingly more universities offer hands-on labs, where students can experience both the attackers’ and the administrators’ view. Getting to know the attackers’ view is thought to lead to a better understanding of information security and its problems compared to teaching only strategies for defense. This paper analyzes the situation of information security education at German and international universities. We present a method to measure knowledge in information security and – using this method in an empirical study – evaluate the offensive teaching approach. Analysis of the empirical data gathered in the study shows a tendency in favor of the offensive approach compared to the classic defensive security education.
منابع مشابه
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملThe Blunderdome: An Offensive Exercise for Building Network, Systems, and Web Security Awareness
In spite of the controversy surrounding the practice of using offensive computer security exercises in information assurance curricula, it holds significant educational value. An exercise and architecture for an asymmetric (offense-only) security project, nicknamed “Blunderdome”, has been deployed twice at the University of Tulsa: once to graduate students in a security engineering course, and ...
متن کاملDetermining the appropriate methodology for the security evaluation of equipment related to information and communication technology in the power industry
Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both te...
متن کاملIdentifying and Ranking Technology-Telecommunications Context of Information Security anagement System in E-Government Using Fuzzy AHP Approach
In recent years, many security threats have entered into the organizations’ information and changed the organizational performance resulting in their exorbitant costs. This question is of particular importanceabout government agencies that use information and Internet systems. This issue enabled the top managers of organizations to implement a security system and minimize these costs. Using In...
متن کاملA Self-Extension Monitoring for Security Management
In the coming age of information warfare, information security patterns take on a more offensive than defensive stance [1]. However, most existing security systems remain passive and do not provide an active form of security protection. It is necessary to develop an active form of offensive approach to security protection in order to guard vital information infrastructures and thwart hackers. T...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010