Supporting Case-based Learning in Information Security with Web-based Technology

Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security management. A process model of integrating a case library and Web 2.0 technologies to facilitate case-based learning is also presented in this paper. Insights and recommendations for implementing the process model are offered as well

Teaching Information Security with Workflow Technology – A Case Study Approach

In recent years, there has been a significant increase in the demand from professionals in different areas for improving the curricula regarding information security. The use of authentic case studies in teaching information security offers the potential to effectively engage students in active learning. In this paper, the authors introduce the approach of using workflow technology to compose case studies to enhance information security education. This approach allows students from different disciplines to collaborate in a distributed computing environment in order to learn important information security principles. Two case studies simulating real-life scenarios, including one for an online banking system and one for an online grading system, are recreated within a laboratory setting using workflow technology and are then presented in information security classes. Our educational practice shows that the benefits of using workflow technology in information security education have been well received by students

The Role of Delivery Methods on the Perceived Learning Performance and Satisfaction of IT Students in Software Programming Courses

More and more information technology (IT) programs are offering distance learning courses to their students. However, to date, there are a very limited number of published articles in the IT education literature that compare how different methods of delivering distance course relate to undergraduate students’ learning outcomes in IT software programming courses taught by the same instructor. Thus, we conducted a case study to assess the predictive relationships between distance course delivery method (face-to-face, satellite broadcasting, and live video-streaming) and students’ perceived learning performance and satisfaction in IT software programming courses taught by the same instructor. The results suggested that the choice of delivery method was related to students’ satisfaction and programming skill enhancement. However, we did not find a relationship between the delivery method and the students’ perceived learning performance. Specifically, the participants in the face-to-face delivery method group were more likely to feel satisfied with the delivery method than the students using the other two delivery methods (i.e., satellite broadcasting and live video streaming)

A Course Module On Application Logic Flaws

Software security is extremely important, and even thoroughly tested code may still have exploitable vulnerabilities. Some of these vulnerabilities are caused by logic flaws. Due to the nature of application or business logic, few automated tools can test for these types of security issues. Therefore, it is important for students to learn how to reduce the number of logic flaws when developing software, and how to test for them manually. A course module with a case study was created to teach students about this topic. Case-based teaching methods are used because it allows students to better apply learned skills to real world industrial settings, and there is a lack of case studies available for current software engineering curriculum. The course module includes an introduction, a quiz on the reading, an animated PowerPoint about the case, and a set of discussion questions. The introduction covers what logic flaws are, reducing logic flaws during software development, and how to test for them manually. The case is about eCommerce merchant software Bigcommerce using PayPal Express to collect payment. A flaw lets attackers complete an expensive order using the payment intended for a cheaper order. An animation was created to trace the HTTP interactions and back-end code representing the steps of the exploit from this case, and explain the manual testing method used to discover the exploit. A set of discussion questions has students apply this method to similar code, to find potential vulnerabilities and then fix them. This course module was taught in COMP 727 Secure Software Engineering at North Carolina A&T State University in the Spring 2015 semester. A pre-survey and post-survey on the learning objectives shows students felt they improved their knowledge and skills relating to application logic flaws. A quiz based on the reading shows students understood the material. The quality of student discussions was very high. Discussion question results were graded using a rubric, and three-quarters of the class received an 85% grade or higher. Overall, this case study was effective at teaching students about application logic flaws. It will be made available to other universities, and can be easily integrated into existing curriculum

Digital information security management policy in academic libraries: A systematic review (2010­2022)

La gestion de la sécurité de l’information numérique est considérée comme un outil important pour assurer la protection des renseignements personnels et des données. Le but de cette recherche est d’examiner la mise en œuvre dans les bibliothèques universitaires. Une analyse documentaire systématique a été effectuée pour atteindre les objectifs de l’étude. Les données ont été recueillies à partir de différentes bases de données bien connues, à savoir, Library Information Science and Technology Abstracts (LISTA), Library and Information Science Abstracts (LISA), IEEE Xplore, Emerald Insight, ACM Digital Library, Scopus, revues Sage, Taylor & Francis, ProQuest, Science Direct, Wiley Online Library, et Google Scholar

Kohti mielekästä sosiaalityön verkko-opetusta ja -opiskelua

Verkko-opetuksen kehittäminen yliopistoissa on osa opetus- ja kulttuuriministeriön koulutuksen ja tutkimuksen tietoyhteiskunta -kehittämisen visiota. Tavoitteena on tieto- ja viestintäteknologian avulla edistää laadukasta oppimista ja varmistaa kaikille tasa-arvoiset mahdollisuudet kouluttautua. Sosiaalityön valtakunnallinen yliopistoverkosto Sosnet tarjoaa verkkokursseillaan sosiaalityön opetusta vuosittain sadoille opiskelijoille Suomessa. Sosnet teetti 2011 selvityksen opiskelijoiden ja opettajien kokemuksista Sosnetin verkko-opetuksesta. Tässä pro gradu -tutkielmassa jatkettiin tuon kyselytutkimuksen aineiston parissa tarkastellen sitä mielekkään verkko-opetuksen ja opiskelun näkökulmasta. Tavoitteena oli selvittää, kuinka Sosnetin verkkokursseilla käytetyt opetus- ja opiskelumenetelmät ja oppimateriaalityypit mahdollistivat mielekästä verkko-opiskelua, sekä miten Sosnetin opetusta voitaisiin kehittää mielekkään verkko-opetuksen ja -opiskelun suuntaiseksi. Kyselyjen avovastauksista muodostuva kvalitatiivinen aineisto analysoitiin teemoitellen. Kvantitaviivisen aineiston analyysissä käytettiin ristiintaulukointia, faktorianalyysiä, summamuuttujia sekä monivastausmuuttujia, joiden avulla tarkasteltiin eroja opiskelijoiden ja opettajien kokemusten välillä. Osa Sosnetin verkkokursseilla käytetyistä työskentelymenetelmistä ja oppimateriaalityypeistä tuli joustavaa ja yksilöllistä opiskelua, osa taas yhteistoiminnallista ja konstruktiivista opiskelua. Opiskelijat kokivat yhteistoiminnallisuuden vähentävän heidän opiskelunsa joustavuutta ja yksilöllisyyttä, kun taas opettajat arvostivat yhteistoiminnallisuuden mahdollistamaa konstruktiivista oppimista, jossa opiskelijat oppivat toistensa tiedoista ja kokemuksista. Opettajien antama oikea-aikainen ja opiskelijoiden toimintaa ohjaava palaute, selkeä ohjeistus ja ennakkotieto kurssien vaatimuksista, sisällöstä, opiskelumenetelmistä ja aikataulusta voisi edistää opiskelijoiden sitoutumista kurssille. Sosiaalityön verkko-opetuksen kontekstuaalisuutta lisäämällä voitaisiin parantaa opintojen antamia ammatillisia valmiuksia