Ethical Hacking in Information Security Curricula

Trabelsi, Zouheir; McCoey, Margaret

doi:10.4018/ijicte.2016010101

Cited by 14 publications

(8 citation statements)

References 25 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…On the other hand, society must trust formal learning institutions to teach students how to hack ethically. The second option is desirable because training in ethical hacking formalizes the preparation of ethical hackers (Trabelsi and McCoey, 2016, pp. 2–3).…”

Section: Strengths and Limitations Of Ethical Hacking Pedagogymentioning

confidence: 99%

“…Consequently, the current defenses are only effective in detecting intrusion days, weeks or even months after the system has suffered extensive damage. For example, investigators detected and fixed the cyberattack at Target and Home Depot after more than six months (Trabelsi and McCoey, 2016, pp. 4–5).…”

Section: Strengths and Limitations Of Ethical Hacking Pedagogymentioning

confidence: 99%

See 1 more Smart Citation

Ethical implications for teaching students to hack to combat cybercrime and money laundering

Al-Tawil

2023

JMLC

View full text Add to dashboard Cite

Purpose Malicious hackers are increasingly evolving with technology by developing advanced tools to infiltrate. They are looking at micro laundering via sites like PayPal or using job advertising sites, to avoid exposure. Micro laundering makes it possible to launder a large amount of money in small amounts through thousands of electronic transactions. Therefore, the purpose of this paper is to examine whether the ethical hacking pedagogy is both a feasible and effective approach to prepare information security professionals of the future to combat black hat hacking and other forms of unethical conduct in the cyberspace. Design/methodology/approach The paper will specifically explore the ethics and implications of teaching students how to hack. It examines the strengths and limitations of the ethical hacking pedagogy. The discussion will then form the basis for exploring whether ethical hacking pedagogy is logical and justifiable. Findings The research has examined whether the ethical hacking pedagogy is an initiative-taking and effective approach to preparing information security professionals. Teaching students to hack is the only feasible approach to preparing future cybersecurity professionals because such training will allow them to master technical skills necessary for penetration testing. Originality/value A dominant theme that emerged from the research is the inability to evaluate students’ intention and provide oversight after their graduation. Thus, professional networks and peer groups will play an instrumental role in sustaining students in an environment that fosters ethical conduct.

show abstract

Section: Strengths and Limitations Of Ethical Hacking Pedagogymentioning

confidence: 99%

Section: Strengths and Limitations Of Ethical Hacking Pedagogymentioning

confidence: 99%

Ethical implications for teaching students to hack to combat cybercrime and money laundering

Al-Tawil

2023

JMLC

View full text Add to dashboard Cite

show abstract

“…Pengujian yang dilakukan pada server fisik meliputi pengujian vulnerability dan penetration testing. Tujuan pengujian adalahmenentukan dan mengetahui macam-macam serangan yangmungkin dilakukan pada sistem serta akibat yang bisa terjadikarena adanya kelemahan keamanan pada sistem komputeratau jaringan yang dimiliki [6]. Laboratorium virtual akan dikembangkan untuk melakukan simulasi pengujian vulnerability dan penetration testing pada lingkungan virtualisasi.…”

Section: Pendahuluanunclassified

Pengembangan Laboratorium Virtual untuk Simulasi Uji Penetrasi Sistem Keamanan Jaringan

2019

View full text Add to dashboard Cite

This study aims to develop a virtualizationbased laboratory for simulating penetration tests and comparing the level of performance between physical servers and virtual servers. Development of a virtual laboratory using the VmwareWokstation hypervisor. Penetration simulation testing uses the Information System Security Assessment Framework (ISSAF) guidelines while the Tools used for testing penetration simulations use tools provided in Kali Linux. This study shows that the stages of penetration testing can be done in a virtual environment. Based on the results of the performance level testing shows a comparison of the two server response time levels is quite significant while for physical server throughput 10 times faster than virtual servers. Comparison of CPU enhancements on both servers is also quite significant inversely proportional to the comparison of memory usage on virtual servers 2 times greater than physical servers

show abstract

“…None of above designs, however, present a suite of labs for an EH course. There are also rich studies that address various aspects of EH (e.g., student red-teaming experiences [5], penetration testing architecture [7], EH certification course analysis [16], legal and ethical issues with EH [14,18,21]), but they do not explicitly address the choices and organization of topics in an EH course (i.e., the second challenge).…”

Section: Introductionmentioning

confidence: 99%

Developing an Undergraduate Course Curriculum for Ethical Hacking

Wang

McCoey

2020

Proceedings of the 21st Annual Conference on Information Technology Education

Self Cite

View full text Add to dashboard Cite

An Ethical Hacking (EH) course not only is a critical component for a Cybersecurity program but also an essential preparation for CS/IT majors towards career paths as security professionals. We face two major challenges when developing an undergraduate EH course, including the setup and choice of the lab design, and the choice and organization of covered topics for this course. On one hand, we have limited space, budget and technical support for a course that relies heavily on hands-on exercises. Given the nature of this course, the lab activities are often "offensive" and lab operations demand administrative privileges, which cause compliance issues with the university's IT policies. On the other hand, given the vast variety of topics and the fast pace of the field, it is difficult to select and organize an essential set of knowledge units to ensure that students are exposed to current technologies and prepared to be industry-ready. We adopt two major design principles to address these challenges correspondingly. First, our choice of a hybrid Virtual Machine (VM)-based and Web-based labs provides students the full set of privileges to perform lab activities without posing threats to the campus network. The Web-based labs remove high cost of hardware and avoid overwhelming installations and configurations for the lab. Second, given the diversity of topics and fast developments in this field, we choose topics based on four criteria: representative, current, certification-related, and foundations for other covered concepts. The chosen topics are aligned with three EH certificates, and organized into twelve modules with clear intermodule and intra-module logic. This paper details the curriculum of this EH course and elaborates how our design principles are entailed in the course.

show abstract

Ethical Hacking in Information Security Curricula

Cited by 14 publications

References 25 publications

Ethical implications for teaching students to hack to combat cybercrime and money laundering

Ethical implications for teaching students to hack to combat cybercrime and money laundering

Pengembangan Laboratorium Virtual untuk Simulasi Uji Penetrasi Sistem Keamanan Jaringan

Developing an Undergraduate Course Curriculum for Ethical Hacking

Contact Info

Product

Resources

About