NotesFAQContact Us
Collection
Advanced
Search Tips
Peer reviewed Peer reviewed
Direct linkDirect link
ERIC Number: EJ1014287
Record Type: Journal
Publication Date: 2013
Pages: 9
Abstractor: As Provided
Reference Count: 29
ISBN: N/A
ISSN: ISSN-1055-3096
Information Security Assessment of SMEs as Coursework -- Learning Information Security Management by Doing
Ilvonen, Ilona
Journal of Information Systems Education, v24 n1 p53-61 Spr 2013
Information security management is an area with a lot of theoretical models. The models are designed to guide practitioners in prioritizing management resources in companies. Information security management education should address the gap between the academic ideals and practice. This paper introduces a teaching method that has been in use as coursework for ten years. In addition to the theoretical lectures on information security management issues, the students of the course perform information security assessments of local small and medium enterprises (SME). The general assessment of the information security status of a company gives the students a view into what the companies have taken into practice and if they have used theoretical models to guide their work. The analysis of the status and suggestions for improvements also teach the students to scale the theory with the size and operations of the company. This is important because usually information security management literature takes the viewpoint of large organizations, whereas the companies that participate in the assessment are small or medium-sized. Course feedback from the students shows that the assignment is perceived to be useful and interesting, and that it works well when paired with the theoretical teaching of the course. The students find working with real companies motivating, and state that they have learned more than they would have learned on a purely theoretical course. The paper discusses experiences from the course to present a teaching and learning method worth experimenting with in other universities. (Contains 2 tables.)
Journal of Information Systems Education. e-mail: editor@jise.org; Web site: http://www.jise.org
Publication Type: Journal Articles; Tests/Questionnaires; Reports - Evaluative
Education Level: Higher Education; Postsecondary Education
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A