SlideShare a Scribd company logo

Learning ethical hacking

M
mhmdtolba

This document discusses teaching ethical hacking skills as part of computer security education programs. It acknowledges that while hands-on labs teaching offensive techniques are important for developing security professionals, they also carry risks of inappropriate student behavior. The paper analyzes student behavior data and surveys to examine these risks. It recommends that computer security programs include both defensive and offensive hands-on labs, alongside lectures, but take steps to minimize risks and reduce liability, such as providing ethical guidelines for students and monitoring their online activities. The goal is to produce skilled security professionals while preventing illegal or unethical student conduct.

Technology
1 of 5
Download to read offline
1
2
3
4
5
Learning ethical hacking Abstract Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on lab exercises which focus on attacking systems. The paper includes the ethical implications associated with including such labs. The discussion is informed by analyses of log data on student malicious activities, and student survey results. The examination of student behavior after acquiring these skills demonstrates that there is potentially a high risk of inappropriate and illegal behavior associated with this type learning. While acknowledging these risks and problems, the paper recommends that curricula should opt for a teaching approach that offers students both offensive and defensive hands-on lab exercises in conjunction with lecture material. The authors propose steps to
minimize the risk of inappropriate behavior and reduce institutional liability. Article Preview  Introduction The importance of experimental learning has long been recognized in the learning theory literature (Denning, 2003; Du, Jayaraman, & Gaubatz, 2010). Despite this fact many graduate and undergraduate courses in information security still offer a limited number of hands-on laboratory exercises. The need for using a theory and practice-oriented approach in information security education is seen as paramount (Chiou Chen & Lin, 2007). A program that covers only the theoretical aspects of information security may not prepare students for overcoming the difficulties associated with the efficient protection of complex computer systems and information assets. Furthermore a learning environment that does not give the student an opportunity to experiment and practice with security technologies does not equip him/her with the skills and knowledge required for doing research and development in the computer security field. So far most information security courses have supplemented content by adding a practice-oriented
component which includes laboratory exercises (labs) based on defensive information security techniques (Hill, Carver, Humphries, & Pooch, 2001; Mullins et al., 2002; Vigna, 2003; Whitman, Mattord, & Green, 2014; Trabelsi, Hayawi, Al Braiki, & Mathew, 2013). However many academics and industry practitioners feel that to defend a system one needs a good knowledge of the attacks a system may face (Arce & McGraw, 2004). Students who understand how attacks are designed and launched will be better prepared for opportunities as security administrators rather than those without such skills (Logan and Clarkson, 2005). As a result, interest for including labs on offensive techniques originally developed by hackers has grown significantly. Teaching ethical hacking techniques has become a vital component of programs that aim to produce competent information security professionals (Brutus & Locasto, 2010; Damon, Dale, Land & Weiss, 2012; Dornseif, Gärtner, Holz & Mink, 2005; Ledin, 2011; Mink & Freiling, 2006; Trabelsi & Al Ketbi, 2013; Trabelsi, 2011; Yuan & Zhong, 2008; Trabelsi et al., 2013). Adding hacking activities to the information security curriculum raises some variety of ethical and legal issues. By using log data as well as data gathered through a student survey, this paper investigates the
ethical implications of offering hands-on lab exercises on attack techniques in information security education. The paper emphasizes teaching offensive techniques which are central to better understanding the hacker’s thinking and the ways in which security systems fail in these situations. Moreover, hands-on labs using attack techniques allow students to experiment with common attack techniques and consequently allow them to implement the appropriate security solutions and more efficiently protect the confidentiality, integrity, and availability of computer systems, networks, resources, and data. The paper proposes measures that schools and educators can take to develop successful and problem-free information security programs while reducing legal liabilities, preventing student misconduct, and teaching students responsible behavior. The paper is organized as follows: Section 2 presents the case of teaching offensive techniques in hands-on lab exercises and the expected learning outcomes resulting from this approach. Sections 3 and 4 discuss the risks arising from teaching offensive techniques in an academic environment, the associated ethical concerns, and the emerging liability issues; along with practical steps to mitigate
these risks. Finally, Section 5 summarizes the results and concludes the paper. https://uii.io/becomehacker

More Related Content

PDF
Security in Learning Management Systems: Designing Collaborative Learning Act...
eLearning Papers
 
PPTX
Muller Chapter 4 Notes
jnmuller823
 
PDF
RISKS AND REMEDIES IN E-LEARNING SYSTEM
IJNSA Journal
 
DOC
Nabila__proposal4.doc
butest
 
PPTX
E-learning
Gunjan126
 
PDF
IoT-based students interaction framework using attention-scoring assessment i...
eraser Juan José Calderón
 
PDF
Primary national curriculum_-_computing
Craig Evans
 
PPT
ICWL 2009
Ahmed Al-Hmouz
 
Security in Learning Management Systems: Designing Collaborative Learning Act...
eLearning Papers
 
Muller Chapter 4 Notes
jnmuller823
 
RISKS AND REMEDIES IN E-LEARNING SYSTEM
IJNSA Journal
 
Nabila__proposal4.doc
butest
 
E-learning
Gunjan126
 
IoT-based students interaction framework using attention-scoring assessment i...
eraser Juan José Calderón
 
Primary national curriculum_-_computing
Craig Evans
 
ICWL 2009
Ahmed Al-Hmouz
 

What's hot (10)

PDF
In tech application-of_data_mining_technology_on_e_learning_material_recommen...
Enhmandah Hemeelee
 
DOCX
Artifact map
Cassidy Baker
 
PDF
01357477
antonia ximenes
 
PPTX
Feasibility study on an answer grading system based on keyword scanning
Hossain Mohammad Samrat
 
PDF
The success factors for effective implementation of e learning systems
khalid Mohamed
 
PPTX
Insight into Managing mobile devices webinar
Jisc RSC East Midlands
 
DOCX
3 Content/Body
James Paul Bernardo
 
DOCX
Technology organization system
joymccook
 
PPTX
Technology Integration Education Issues
Nicole Baluyot
 
PPTX
Training Technology Resource Center (TRC) Employees with Brightspace
D2L Barry
 
In tech application-of_data_mining_technology_on_e_learning_material_recommen...
Enhmandah Hemeelee
 
Artifact map
Cassidy Baker
 
01357477
antonia ximenes
 
Feasibility study on an answer grading system based on keyword scanning
Hossain Mohammad Samrat
 
The success factors for effective implementation of e learning systems
khalid Mohamed
 
Insight into Managing mobile devices webinar
Jisc RSC East Midlands
 
3 Content/Body
James Paul Bernardo
 
Technology organization system
joymccook
 
Technology Integration Education Issues
Nicole Baluyot
 
Training Technology Resource Center (TRC) Employees with Brightspace
D2L Barry
 

Similar to Learning ethical hacking (20)

PDF
Journal of Information Technology Education/tutorialoutletdotcom
williamtrumpz5m
 
PDF
Recapitulating the development initiatives of a robust information security s...
IOSR Journals
 
PDF
INVESTIGATING THE DETERMINANTS OF COLLEGE STUDENTS INFORMATION SECURITY BEHAV...
ijcsit
 
PDF
INVESTIGATING THE DETERMINANTS OF COLLEGE STUDENTS INFORMATION SECURITY BEHAV...
AIRCC Publishing Corporation
 
PDF
Investigating the Determinants of College Students Information Security Behav...
AIRCC Publishing Corporation
 
PDF
Secured cloud support for global software
ijseajournal
 
PDF
Improving Delivery Effectiveness of Information Security Learning Continuum
Mansoor Faridi, CISA
 
PDF
Cybersecurity in Educational Institutions: Management Strategies (www.kiu.ac.ug)
publication11
 
PDF
Information Security Management in University Campus Using Cognitive Security
CSCJournals
 
PDF
System Dynamics Based Insider Threats Modeling
IJNSA Journal
 
PPTX
Towards a Structured Information Security Awareness Programme
tulipbiru64
 
PDF
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
CSCJournals
 
DOCX
ISSC451 Cybercrime.docx
stirlingvwriters
 
PDF
Appling tracking game system to measure user behavior toward cybersecurity p...
IJECEIAES
 
DOCX
Journal of Information Technology Education Volume 11, 2012 .docx
tawnyataylor528
 
PPTX
144 presentation iee_tel2021
Malinka Ivanova
 
DOCX
SkinnerJ_PS533_Final Paper
Jake Skinner
 
PDF
Ikeepsafe Cyber Safety, Ethics and Security Competencies
John Macasio
 
PDF
Electronic Healthcare Record Security and Management in Healthcare Organizations
ijtsrd
 
PDF
Legal and Ethical Guidelines in CCTV Surveillance.pdf
Dharmsinh Desai of University
 
Journal of Information Technology Education/tutorialoutletdotcom
williamtrumpz5m
 
Recapitulating the development initiatives of a robust information security s...
IOSR Journals
 
INVESTIGATING THE DETERMINANTS OF COLLEGE STUDENTS INFORMATION SECURITY BEHAV...
ijcsit
 
INVESTIGATING THE DETERMINANTS OF COLLEGE STUDENTS INFORMATION SECURITY BEHAV...
AIRCC Publishing Corporation
 
Investigating the Determinants of College Students Information Security Behav...
AIRCC Publishing Corporation
 
Secured cloud support for global software
ijseajournal
 
Improving Delivery Effectiveness of Information Security Learning Continuum
Mansoor Faridi, CISA
 
Cybersecurity in Educational Institutions: Management Strategies (www.kiu.ac.ug)
publication11
 
Information Security Management in University Campus Using Cognitive Security
CSCJournals
 
System Dynamics Based Insider Threats Modeling
IJNSA Journal
 
Towards a Structured Information Security Awareness Programme
tulipbiru64
 
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
CSCJournals
 
ISSC451 Cybercrime.docx
stirlingvwriters
 
Appling tracking game system to measure user behavior toward cybersecurity p...
IJECEIAES
 
Journal of Information Technology Education Volume 11, 2012 .docx
tawnyataylor528
 
144 presentation iee_tel2021
Malinka Ivanova
 
SkinnerJ_PS533_Final Paper
Jake Skinner
 
Ikeepsafe Cyber Safety, Ethics and Security Competencies
John Macasio
 
Electronic Healthcare Record Security and Management in Healthcare Organizations
ijtsrd
 
Legal and Ethical Guidelines in CCTV Surveillance.pdf
Dharmsinh Desai of University
 

Recently uploaded (20)

PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 

Learning ethical hacking

  • 1. Learning ethical hacking Abstract Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on lab exercises which focus on attacking systems. The paper includes the ethical implications associated with including such labs. The discussion is informed by analyses of log data on student malicious activities, and student survey results. The examination of student behavior after acquiring these skills demonstrates that there is potentially a high risk of inappropriate and illegal behavior associated with this type learning. While acknowledging these risks and problems, the paper recommends that curricula should opt for a teaching approach that offers students both offensive and defensive hands-on lab exercises in conjunction with lecture material. The authors propose steps to
  • 2. minimize the risk of inappropriate behavior and reduce institutional liability. Article Preview  Introduction The importance of experimental learning has long been recognized in the learning theory literature (Denning, 2003; Du, Jayaraman, & Gaubatz, 2010). Despite this fact many graduate and undergraduate courses in information security still offer a limited number of hands-on laboratory exercises. The need for using a theory and practice-oriented approach in information security education is seen as paramount (Chiou Chen & Lin, 2007). A program that covers only the theoretical aspects of information security may not prepare students for overcoming the difficulties associated with the efficient protection of complex computer systems and information assets. Furthermore a learning environment that does not give the student an opportunity to experiment and practice with security technologies does not equip him/her with the skills and knowledge required for doing research and development in the computer security field. So far most information security courses have supplemented content by adding a practice-oriented
  • 3. component which includes laboratory exercises (labs) based on defensive information security techniques (Hill, Carver, Humphries, & Pooch, 2001; Mullins et al., 2002; Vigna, 2003; Whitman, Mattord, & Green, 2014; Trabelsi, Hayawi, Al Braiki, & Mathew, 2013). However many academics and industry practitioners feel that to defend a system one needs a good knowledge of the attacks a system may face (Arce & McGraw, 2004). Students who understand how attacks are designed and launched will be better prepared for opportunities as security administrators rather than those without such skills (Logan and Clarkson, 2005). As a result, interest for including labs on offensive techniques originally developed by hackers has grown significantly. Teaching ethical hacking techniques has become a vital component of programs that aim to produce competent information security professionals (Brutus & Locasto, 2010; Damon, Dale, Land & Weiss, 2012; Dornseif, Gärtner, Holz & Mink, 2005; Ledin, 2011; Mink & Freiling, 2006; Trabelsi & Al Ketbi, 2013; Trabelsi, 2011; Yuan & Zhong, 2008; Trabelsi et al., 2013). Adding hacking activities to the information security curriculum raises some variety of ethical and legal issues. By using log data as well as data gathered through a student survey, this paper investigates the
  • 4. ethical implications of offering hands-on lab exercises on attack techniques in information security education. The paper emphasizes teaching offensive techniques which are central to better understanding the hacker’s thinking and the ways in which security systems fail in these situations. Moreover, hands-on labs using attack techniques allow students to experiment with common attack techniques and consequently allow them to implement the appropriate security solutions and more efficiently protect the confidentiality, integrity, and availability of computer systems, networks, resources, and data. The paper proposes measures that schools and educators can take to develop successful and problem-free information security programs while reducing legal liabilities, preventing student misconduct, and teaching students responsible behavior. The paper is organized as follows: Section 2 presents the case of teaching offensive techniques in hands-on lab exercises and the expected learning outcomes resulting from this approach. Sections 3 and 4 discuss the risks arising from teaching offensive techniques in an academic environment, the associated ethical concerns, and the emerging liability issues; along with practical steps to mitigate
  • 5. these risks. Finally, Section 5 summarizes the results and concludes the paper. https://uii.io/becomehacker