Ethical hacking in information security curricula

Zouheir Trabelsi, Margaret McCoey

Research output: Contribution to journal › Article › peer-review

12 Citations (Scopus)


Teaching offensive security (ethical hacking) is becoming a necessary component of information security curricula with a goal of developing better security professionals. The offensive security components extend curricula beyond system defense strategies. This paper identifies and discusses the learning outcomes achieved as a result of hands-on lab exercises which focus on attacking systems. The paper includes the ethical implications associated with including such labs. The discussion is informed by analyses of log data on student malicious activities, and student survey results. The examination of student behavior after acquiring these skills demonstrates that there is potentially a high risk of inappropriate and illegal behavior associated with this type of learning. While acknowledging these risks and problems, the paper recommends that curricula should opt for a teaching approach that offers students both offensive and defensive hands-on lab exercises in conjunction with lecture material. The authors propose steps to minimize the risk of inappropriate behavior and reduce institutional liability.

Original language: English
Pages (from-to): 1-10
Number of pages: 10
Journal: International Journal of Information and Communication Technology Education
Issue number: 1
Publication status: Published - Jan 1 2016


  • Ethical Hacking
  • Ethical Implications
  • Information Security Curriculum
  • Offensive Security Techniques

ASJC Scopus subject areas

  • Education
  • Computer Science Applications

