Incorporating hacking projects in computer and information security education: an empirical study

Abstract

Incorporating hacking projects in information security education is controversial. However, several studies discussed the benefits of including offensive exercises (e.g., hacking) in information security courses. In this paper, we present our experiment in incorporating hacking projects in the laboratory exercises for an undergraduate-level Computer and Information Security (CIS) course at King Abdulaziz University (KAU), Saudi Arabia. We conducted a survey to measure the effectiveness of incorporating hacking projects from the students' perspective. We also questioned the ethical aspects of these projects. The results strongly suggest that hacking projects have helped the students better understanding computer and information security principles. Furthermore, the majority of the students stated that they do not intend to misuse the learned skills, mainly for religious and ethical reasons. We also present the precautions that we took to avoid legal or ethical consequences that may be connected with these activities.