Given the magnitude of real and potential loses associated with security breaches, public employers increasingly expect graduates of management information systems (MIS) programs to have a broad understanding of information security concepts. Support for requiring this broad understanding are based on industry estimates that security breaches affect 90% of all businesses every year and cost some $17 billion (Austin & Darby, 2003). In response to these needs, undergraduate and graduate courses were developed where the primary course objectives discussed involve network security, information warfare, and computer forensics. The infrastructure requirements for the courses include the establishment of appropriate course prerequisites, setting up a secure laboratory environment to accommodate the development of viruses and worms, and white hat agreements to protect universities and faculty members involved with these courses. White hat agreements with the students are a key element to the enforcement of policies associated with these courses. Based on both classroom experience and collaboration with information security industry executives, including Federal Bureau of Investigation (FBI) and Secret Service representatives, the authors conclude with a discussion of “lessons learned” and suggestions for safely teaching effective information systems security courses.
Jensen, Bradley K. and Cline, Melinda, "Teaching Information Security Courses: Objectives, Requirements, and Challenges" (2005). AMCIS 2005 Proceedings. 272.