EDSIGCON Proceedings 2018

Norfolk, Virginia


2018 EDSIGCON Proceedings - Abstract Presentation


Ethical Hacking Skills: Review of Pedagogical Approaches and Recommendation of Best Practices


Regina Hartley
Appalachian State University

Lakshmi Iyer
Appalachian State University

Christopher Warren Taylor
Appalachian State University


Abstract
The reliance on information technologies and technological infrastructures continues to permeate all of society. Some concern, quite possibly, stems from the obvious lack of security typically found in information technologies and systems. The Internet has provided massive opportunities in a wide range of areas, but it has also necessitated that individuals be educated on topics related to this growth. Future careers in cybersecurity may compel professionals to be better equipped with skills and mindsets that are similar to those of attackers and intruders in order to adequately recognize and defend networks. While the Internet and the networking of devices have positive and productive aspects, they also have negative ones. Such usage has produced unpleasant and unexpected consequences such as ransomware and DDoS attacks, as well as other highly politicized and publicized hacks. Even more alarming are the potential security issues and flaws inherent in the usage and application of the Internet of Things, which creates a whole new host of unprecedented concerns for cybersecurity professionals. In the 21st century, it is becoming increasingly critical that security professionals keep ahead of the undesirable intrusions and attacks made possible by a dependence and reliance on computer networks and the Internet. Many insist that future cybersecurity professionals need to have the same skill sets and mindsets as attackers in order to adequately recognize and defend networks from intrusion. One of the more successful approaches in the education and preparation of cybersecurity professionals is that of ethical hacking. This methodology is maintained by many to be a more proactive approach, and it is one achieving great success in educational endeavors within cybersecurity instruction.
As such, ethical hacking education can provide future professionals with the knowledge and skill sets to combat current and future cybersecurity issues. The leading purpose of this research is to analyze and evaluate the usage of an ethical hacking methodology to improve information security education for future cybersecurity professionals. A number of professionals argue that a hacking methodology appears to be a more offensive and proactive approach for information security instruction. This approach may more effectively prepare future information security professionals to face unethical hacker intrusions and activities associated with the Internet and computer networks. An increasing number of educators maintain that future cybersecurity professionals would be better prepared to combat intrusions if equipped with knowledge and skill sets comparable to those currently used by attackers. In addition, future information technology professionals must be prepared to fight the ever-growing challenges associated with effectively securing computer networks and information systems connected to the Internet. This research will also define ethical hacking, examine ethical hacking education as a viable approach for teaching cybersecurity, and review best practices currently in use.

Recommended Citation: Hartley, R., Iyer, L., Taylor, C. W., (2018). Ethical Hacking Skills: Review of Pedagogical Approaches and Recommendation of Best Practices. Proceedings of the EDSIG Conference, (2018) n.4790, Norfolk, Virginia