Affiliation:
1. UAE University, UAE
2. La Salle University, USA
Abstract
This chapter identifies and discusses the learning outcomes to be achieved because of hands-on lab exercises using ethical hacking. It discusses the ethical implications associated with including such labs in the information security curriculum. The discussion is informed by analyses of log data on student malicious activities, and the results of student surveys. The examination of student behavior after acquiring hands-on offensive skills shows that there is potentially a high risk of using these skills in an inappropriate and illegal manner. While acknowledging the risk and the ethical problems associated with teaching ethical hacking, it strongly recommends that information security curricula should opt for a teaching approach that offers students both offensive hands-on lab exercises coupled with ethical practices related to the techniques. The authors propose steps to offer a comprehensive information security program while at the same time minimizing the risk of inappropriate student behavior and reducing institutional liability in that respect and increasing the ethical views and practices related to ethical hacking.