A teaching prototype for educating IT security engineers in emerging environments

Many enterprises today do not have an information security program or anyone on staff who can help them manage the escalating security risks. Computer science, information technology (IT) and information systems see an urgent need to train students in Internet security but have limited or untrained resources available to enhance their curricula. Perceiving that students best learn information security by doing it, the IT program at Brigham Young University elected to initiate a security emphasis in its instruction by creating security courses and an experimental security laboratory. Students collaboratively prepare lectures and labs as part of an IT security teaching model. Their enthusiasm in using the security lab as a playground follows a pedagogical approach of active learning and persistent student-led teams. Students have architected, administered and operated two lab concepts, namely, (a) an isolated Sandbox security tab, and (b) a prototype network that could serve as a simple model for a small university and which does have external Internet connectivity that offers features for extensive wired and wireless deployment. Students created the security best practices and student security team used to manage this on-going, active experimental environment that served as the test-bed for evaluating security projects that deal with network hardening, vulnerability and intrusion prevention issues. This security teaching model served, and continues to serve, as a prototype for facilitating the education and preparation of urgently needed security engineers in emerging environments worldwide.