Journal of Information Systems Education


Students need real-world experience. Industry needs graduating students entering the workforce to be skilled in relevant subject matter, critical thinking, and communication skills. Community-based nonprofit organizations, as well as small businesses, need help in building organizational capacity. Instructors also benefit from periodic observation of organizational work in the instructor’s area of teaching. A service-learning course that is focused on capacity building is a means to reach all of these goals. This article presents a roadmap for teaching a service-learning course in information security risk assessment. Students work in teams on a term-long project conducting an on-site risk assessment, making security recommendations, and producing and presenting a final security risk report to an organization’s management. Teaching tips are offered on course planning, launch, materials, and execution.