Case-based learning (CBL) is a powerful pedagogical method of creating dialogue between theory and practice. CBL is particularly suited to executive learning as it instigates critical discussion and draws out relevant experiences. In this paper we used a real-world case to teach Information Security Management to students in Management Information Systems. The real-world case is described in a legal indictment (T-mobile USA Inc v. Huawei Device USA Inc. and Huawei Technologies Co. LTD) alleging theft of intellectual property (trade secrets) and breaches of contract concerning confidentiality and disclosure of sensitive information. The incident concerns a mobile phone testing robot (Tappy) developed by T-mobile USA to automate testing of mobile phones prior to launch. Tmobile alleges Huawei stole the technology by copying the robot’s specifications and stealing parts and software to develop its own testing robot. The incident scenario is interesting as it relates to a business asset that has both digital and physical components that has been compromised through an unconventional cyber-physical attack facilitated by insiders. The scenario sparked an interesting debate among students about the scope and definition of security incidents, the role and structure of the security unit, the utility of compliance-based approaches to security, and the inadequate use of threat intelligence in modern security strategies.
Ahmad, Atif; Maynard, Sean B.; Motahhir, Sameen; and Alshaikh, Moneer, "Teaching Information Security Management Using an Incident of Intellectual Property Leakage" (2020). ACIS 2020 Proceedings. 36.