Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/teaching-information-security-management-reflections-and-experiences-E2QNH3U2is
References (67)
-
M. Bishop (2003)
What Is Computer Security?IEEE Secur. Priv., 1
-
M. Siponen (2006)
Information security standards focus on the existence of process, not its contentCommun. ACM, 49
-
R. Baskerville (1991)
Risk analysis: an interpretive feasibility tool in justifying information systems securityEuropean Journal of Information Systems, 1
-
Anthony Vance, M. Siponen, Seppo Pahnila (2012)
Motivating IS security compliance: Insights from Habit and Protection Motivation TheoryInf. Manag., 49
-
Donn Parker (2007)
Risks of risk-based securityCommunications of the ACM, 50
-
10.1016/S0167-4048(01)00407-2
-
D. Zenkin (2001)
Fighting Against the Invisible Enemy - Methods for detecting an unknown virusComput. Secur., 20
-
J. D'Arcy, A. Hovav (2007)
Deterring internal information systems misuseCommun. ACM, 50
-
H. Venter, J. Eloff (2003)
A taxonomy for information security technologiesComput. Secur., 22
-
Christopher Alberts, Audrey Dorofee (2002)
Managing Information Security Risks: The OCTAVE Approach -
C. Pfleeger (1988)
Security in computing -
S. Sharma, Joshua Sefchek (2007)
Teaching information systems security courses: A hands-onapproachComput. Secur., 26
-
Atif Ahmad, S. Maynard, Sangseo Park (2014)
Information security strategies: towards an organizational multi-strategy perspectiveJournal of Intelligent Manufacturing, 25
-
D. Teece, G. Pisano, A. Shuen (1997)
DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENTStrategic Management Journal, 18
-
R. Grant (1996)
Toward a Knowledge-Based Theory of the Firm,” Strategic Management Journal (17), pp. -
W. Diffie (2008)
Information security: 50 years behind, 50 years aheadCommun. ACM, 51
-
Martin Davies (2006)
Intensive Teaching Formats: A Review.Issues in Educational Research, 16
-
(2003)
Security Incident Handling Step by Step. Available from http://www.sans.org; n.d -
W. Tirenin, D. Faatz (1999)
A concept for strategic cyber defenseMILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341), 1
-
S. Malladi, O. El-Gayar, K. Streff (2007)
Experiences and lessons learned in the design and implementation of an Information Assurance curriculum2007 IEEE SMC Information Assurance and Security Workshop
-
Edwin Heinlein (1995)
Principles of information systems securityComput. Secur., 14
-
Karin Höne, J. Eloff (2002)
Feature: What Makes an Effective Information Security Policy?Network Security archive, 2002
-
T. Fitzgerald (2007)
Clarifying the Roles of Information Security: 13 Questions the CEO, CIO, and CISO Must Ask Each OtherInformation Systems Security, 16
-
J. Lim, Shanton Chang, S. Maynard, Atif Ahmad (2009)
Exploring the relationship between organizational culture and information security culture -
Dieter Gollmann (2010)
Computer securityWiley Interdisciplinary Reviews: Computational Statistics, 2
-
J. Myers, Sandra Riela (2008)
Taming the diversity of information assurance & securityJournal of Computing Sciences in Colleges, 23
-
E. Thompson, Michelle Kaarst-Brown (2005)
Sensitive information: A review and research agendaJ. Assoc. Inf. Sci. Technol., 56
-
(2007)
How the Cyber Defense Exercise Shaped an Information-Assurance Curriculum -
Jackie Ulmer, Subhajyoti Bandyopadhyay, E. Spafford (2003)
PFIRES: a policy framework for information securityCommun. ACM, 46
-
(2006)
Integrating Information Assurance and Security into IT Education: A Look at the Model Curriculum and Emerging PracticeJ. Inf. Technol. Educ., 5
-
A. Ahmad, A. Ruighaver, W. Teo (2005)
An information-centric approach to data security in organizationsTENCON 2005 - 2005 IEEE Region 10 Conference
-
S. Maynard, A. Ruighaver (2007)
Security Policy Quality: A Multiple Constituency Perspective -
Ernest Pascarella, P. Terenzini (1992)
How college affects students : findings and insights from twenty years of researchContemporary Sociology, 21
-
E. Casey (2006)
Investigating sophisticated security breachesCommun. ACM, 49
-
R. Grant (1997)
The knowledge-based view of the firm: Implications for management practiceLong Range Planning, 30
-
A. Veiga, J. Eloff (2010)
A framework and assessment instrument for information security cultureComput. Secur., 29
-
M. Siponen, M. Mahmood, Seppo Pahnila (2009)
Technical opinionAre employees putting your company at risk by not following information security policies?Communications of the ACM, 52
-
Piya Shedden, A. Ruighaver, Atif Ahmad (2006)
Risk Management Standards - The Perception of Ease of Use -
A. Ruighaver, S. Maynard, M. Warren (2010)
Ethical decision making: Improving the quality of acceptable use policiesComput. Secur., 29
-
Ross Anderson (2001)
Why information security is hard - an economic perspectiveSeventeenth Annual Computer Security Applications Conference
-
E. Schultz (2007)
Mobile computing: The next Pandora's BoxComput. Secur., 26
-
Steve Purser (2002)
Why access control is difficultComput. Secur., 21
-
I. Bose, A. Leung (2007)
Unveiling the Mask of Phishing: Threats, Preventive Measures, and ResponsibilitiesCommun. Assoc. Inf. Syst., 19
-
Janine Spears, H. Barki (2010)
User Participation in Information Systems Security Risk ManagementMIS Q., 34
-
M. Olson (2010)
Enhancing Adult Motivation to Learn: A Comprehensive Guide for Teaching All AdultsJournal of Adult Education, 39
-
C. Vroom, R. Solms (2004)
Towards information security behavioural complianceComput. Secur., 23
-
Mark Desman (2003)
The Ten Commandments of Information Security Awareness TrainingInformation Systems Security, 11
-
Huaying Chen, S. Maynard, Atif Ahmad (2013)
A Comparison Of Information Security Curricula In China And The USA -
W. Dalton, M. Lowenthal (2002)
Intelligence: From Secrets to PolicyNaval War College Review, 55
-
Piya Shedden, Rens Scheepers, Wally Smith, Atif Ahmad (2011)
Incorporating a knowledge perspective into security risk assessmentsVine, 41
-
L. Lewis, Ernest Pascarella, P. Terenzini (1992)
How College Affects Students: Findings and Insights from Twenty Years of Research, 78
-
10.2307/25750690
-
10.28945/244
-
M. Bishop, D. Frincke (2007)
Achieving Learning Objectives through E-Voting Case StudiesIEEE Security & Privacy, 5
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
-
S. Garfinkel, Gene Spafford (1996)
Practical UNIX and Internet Security -
(2006)
Towards Changes in Information Security Education -
N. Molok, Atif Ahmad, Shanton Chang (2010)
Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistence Threats, 19
-
日本規格協会 (2005)
情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 -
Terence Tan, T. Ruighaver, Atif Ahmad (2003)
Incident Handling: Where the need for planning is often not recognised -
Mehdi Bouaziz (2012)
An Introduction to Computer Security -
T. Wiant (2005)
Information security policy's impact on reporting security incidentsComput. Secur., 24
-
10.1109/MSP.2007.111
-
Atif Ahmad, Justin Hadgkiss, A. Ruighaver (2012)
Incident response teams - Challenges in supporting the organisational security functionComput. Secur., 31
-
S. Park, M. Gordon (1996)
PUBLICATION RECORDS AND TENURE DECISIONS IN THE FIELD OF STRATEGIC MANAGEMENTStrategic Management Journal, 17
-
B. Schneier (2003)
Beyond Fear: Thinking Sensibly About Security in an Uncertain World -
K. Koh, A. Ruighaver, S. Maynard, Atif Ahmad (2005)
Security Governance: Its Impact on Security Culture
- Publisher
- Emerald Publishing
- Copyright
- Copyright © Emerald Group Publishing Limited
- ISSN
- 0968-5227
- DOI
- 10.1108/IMCS-08-2013-0058
- Publisher site
- See Article on Publisher Site
Abstract
Purpose – The purpose of this paper is to describe the development, design, delivery and evaluation of a postgraduate information security subject that focuses on a managerial, rather than the more frequently reported technical perspective. The authors aimed to create an atmosphere of intellectual excitement and discovery so that students felt empowered by new ideas, tools and techniques and realized the potential value of what they were learning in the industry. Design/methodology/approach – The paper develops fundamental principles and arguments that inform the design and development of the teaching curriculum. The curriculum is aimed at security management professionals in general and consultants in particular. The paper explains the teaching method in detail including the specific topics of lectures, representative reading material, assessment tasks and feedback mechanisms. Finally, lessons learned by the authors and their conclusions are presented as a form of reflection. Findings – The instructors recognized four key factors that played a role in the atmosphere of intellectual excitement and motivation. These were new concepts and ideas, an increased level of engagement, opportunities for students to make their own discoveries and knowledge presented in a practical context. Maintaining a high quality of teaching resources, catering for diverse student needs and incorporating learning cycles of assessment in a short period of time were additional challenges. Originality/value – Most “information security” curricula described in research literature take a technology-oriented perspective. This paper presents a much-needed management point of view. The teaching curriculum (including assessment tasks) and experiences will be useful to existing and future teaching and research academics in “information security management”. Those interested in developing their own teaching material will benefit from the discussion on potential topic areas, choice of assessment tasks and selection of recommended reading material.
Journal
Information Management & Computer Security – Emerald Publishing
Published: Nov 10, 2014