簡易檢索 / 詳目顯示

研究生: 魏靖蓉
Wei, Ching-Jung
論文名稱: 實務導向資訊安全教學之探討-引入業界講師與社交學習對資訊安全學習之影響
The design and implementation of practice-oriented instruction for information security – the effects of instructors from industry and social learning on information security learning
指導教授: 林育慈
Lin, Yu-Tzu
學位類別: 碩士
Master
系所名稱: 資訊教育研究所
Graduate Institute of Information and Computer Education
論文出版年: 2019
畢業學年度: 107
語文別: 中文
論文頁數: 87
中文關鍵詞: 實務導向教學資訊安全教育業界講師社交學習
英文關鍵詞: Practice-oriented instruction, Information security education, Industry instructors, Social learning
DOI URL: http://doi.org/10.6345/NTNU201900563
論文種類: 學術論文
相關次數: 點閱:211下載:16
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 資訊科技迅速發展,隨之而來的是,資訊安全的議題不斷地被討論並逐漸重視,在各項產業的影響亦十分巨大,然而資訊安全技術日新月異,學校的資訊安全教育卻偏重於傳統的理論講授,較無法完整涵蓋現下實體世界所需的實務技能,因此無法完整培養學生資訊安全的實務能力。
    為了培養符合業界需求的資安人才,本研究提出資訊安全教育實務導向教學,在動手實作的課程中引進業界講師並加入社交學習的活動。研究設計兩種資安實務導向課程,分別進行兩次實驗。實驗一的資訊安全實務工作坊在七天的全業界講師課程中探討動手實作與業界講師對學生的影響,其後根據實驗一的結果,在為期一學期的實驗二之資訊安全實務選修課程中再加入社交學習環境,探討動手實作、業界講師、觀摩環境、合作環境、競爭環境對學生學習成效與學習態度的影響。
    本研究透過測驗與問卷評估學生於態度與資安能力上的改變,實驗結果發現:動手實作的課程能提升學生對資安理論與實務的重視度與學習興趣,業師帶領的資安實務課程能讓學生接觸最新議題與技術,以及瞭解就任資安相關工作需具備的能力。而社交學習環境中,學生透過競爭環境提升主動學習的動機,而聊天室則可讓不同看法與專長的學生相互交流進行學習。
    相關研究發現能對資訊安全教育提供實際的建議,實務導向教學透過動手實作課程和引入業界講師與社交學習環境,可提升學生學習資訊安全理論與實務的態度和自我效能,進一步能提出未來資訊安全或其他工程教育上,實施動手實作課程、引入業界講師與社交學習環境之實務導向教學的可行方案。

    With the rapid development of information technology, the issue of information security is being valued and constantly discussed, having a great impact in various industries as well. However, while the information security technology is changing with each passing day, its instruction is still based on traditional theories, which cannot fully foster students’ abilities and practical skills required in the authentic world and workplace.
    To implement a practical instruction of information security, this study propose practice-oriented education with instructors from industry and social learning in hands-on activity. We design two practice-oriented course for two experiments. In the first experiment, a seven-day practice-oriented information security workshop was implemented, and the effects of hands-on learning activities and industry instructors on students learning were explored . The second experiment was conducted in a one-semester information security course, in which social leanring strategies were included to enhance students’ interaction. The effects of hands-on activities, industry instructors, and social learning environment on students’ learning were studied.
    This study evaluated students’ abilities of information security and leaning attitudes through examinations, projects, and questionnaires. The research results show that students agreed more with the importance of both theoretical and practical aspects of information security and were more interested in them after hands-on learning. The real-world experiences from the industry instructors provided students with access to the latest issues and technologies in the field of information security. In the social learning environment, students’ motivation was promoted by active learning in the competitive activities. In the chatroom, students having diverse and divergent opinions or expertise could communicate with each other.
    The findings of this research could provide suggestions about the design and implementation of practice-oriented instruction for information security by applying hands-on activities and social learning, and introducing industry instructors.

    摘要 I 誌謝 IV 表目錄 VII 圖目錄 VIII 第一章 緒論 1 第一節 研究背景與動機 1 第二節 研究目的 4 第三節 名詞釋義 5 第二章 文獻探討 9 第一節 資訊安全教育 9 第二節 實務導向教學 11 第三節 社交學習 14 第三章 研究方法及研究限制 16 第一節 研究設計與架構 16 第二節 研究實驗參與者 17 第三節 研究程序 18 第四節 研究工具 27 第五節 研究限制 37 第六節 資料蒐集與分析 38 第四章 分析結果與討論 41 第一節 資安實務工作坊 41 第二節 資安實務選修課程 49 第三節 綜合討論 68 第五章 結論與建議 74 第一節 結論 74 第二節 建議 76 參考文獻 78 附錄一 資訊安全基礎能力測驗逆向工程題目 81 附錄二 資訊安全成就能力測驗逆向工程題目 82 附錄三 資訊安全態度問卷題目 83

    中文部份

    黃彥棻(2016年1月17日)。一次看懂CTF資安攻防賽。2018年11月10日,取自:https://www.ithome.com.tw/news/102969
    趙正宇, & 李倫銓. (2014). CTF 攻防競賽平台設計. 資訊安全通訊, 20(4), 54-58.

    英文部份

    Araujo, F., Shapouri, M., Pandey, S., & Hamlen, K. (2015, August). Experiences with honey-patching in active cyber security education. In Proceedings of the 8th Workshop on Cyber Security Experimentation and Test (CSET).
    Bandura, A, Ross, D & Ross, S.A (1963). Vicarious Rienforcement and Imitative Learning. Journal of Abnormal and Social Psychology, 67(6), 601-607.
    Brewer, M. (1990). Sandwich Courses, United Kingdom. Journal of Cooperative Education, 26(2), 14-22.
    Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548.
    Burguillo, J. C. (2010). Using game theory and competition-based learning to stimulate student motivation and performance. Computers & Education, 55(2), 566-575
    Chen, L. C., & Lin, C. (2007, June). Combining theory with practice in information security education. In Proceedings of the 11th Colloquium for Information Systems Security Education (pp. 167-171).
    Conklin, A. (2006, January). Cyber defense competitions and information security education: An active learning solution for a capstone course. In System Sciences, 2006. HICSS'06. Proceedings of the 39th Annual Hawaii International Conference on (Vol. 9, pp. 220b-220b). IEEE.
    Cox, K. (1997). Work-based learning. British journal of hospital medicine, 57(6), 265-269.
    Cynthia B. Edmond(2001). A new paradigm for practice education. Nurse Educ Today,21(4),251-9.
    Eagle, C. (2013). Computer security competitions: Expanding educational outcomes. IEEE Security & Privacy, 11(4), 69-71.
    EDUCAUSE (2014). The future of mobile computing, 04/2011, accessed in Nov. 2014, http://net.educause.edu/ir/library/pdf/ESPNT1b.pdf.
    Hill, J., Carver Jr, C. A., Humphries, J. W., & Pooch, U. W. (2001, February). Using an isolated network laboratory to teach advanced networks and security. In ACM SIGCSE Bulletin (Vol. 33, No. 1, pp. 36-40). ACM.
    Jenkins, H. (2008). Convergence Culture: La cultura de la convergencia de los medios de comunicación [Convergence culture: Where old and new media collide].(P. Hermida Lazcano, Trans.) Buenos Aires.
    Kim, B.-H., Kim, K.-C., Hong, S.-E., & Oh, S.-Y. (2017). Development of cyber information security education and training system. Multimedia Tools & Applications, 76(4), 6051–6064.
    Loveland, S. (2011). Human computer interaction that reaches beyond desktop applications, Proc. of the 42nd ACM Tech. Symposium Computer Science Education (SIGCSE 11), 2011, pp. 595–600.
    Raush, H. L., Barry, W. A., Hertel, R. K., & Swain, M. A. (1974). Communication conflict and marriage. Jossey-Bass.
    Renuga, M., & Ezhilan, S. (2014). Soft Skills: A Professional Development Curriculum to Enhance the Employability of Engineering Students. Language in India, 14(4), 82–130.
    Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8), 816-826.
    Sanz-Martos, Sandra; Reig-Hernández, Dolors (2013). “El aprendizaje social y los profesionales de la información”. El profesional de la información, noviembre-diciembre, v. 22, n. 6, pp. 545-553.
    Serapiglia, A. (2016). The Case for Inclusion of Competitive Teams in Security Education. Information Systems Education Journal, 14(5), 25.
    Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31-41.
    Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS quarterly, 441-469.
    Tabor, S. W. (2007). NARROWING THE DISTANCE. Quarterly Review of Distance Education, 8(1).
    Trabelsi, Z., Al Matrooshi, M., Al Bairaq, S., Ibrahim, W., & Masud, M. M. (2017). Android based mobile apps for information security hands-on education. Education and Information Technologies, 22(1), 125-144.
    Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91-95.
    Whitman, M. E., & Mattord, H. J. (2004, October). Designing and teaching information security curriculum. In Proceedings of the 1st annual conference on Information security curriculum development (pp. 1-7). ACM.
    World University Service Austria. Practice-oriented Education. 2019, Jenuary, 16th, Retrieved from: https://www.wus-austria.org/subtarget/0/36.html
    Wright, M. A. (1998). The need for information security education. Computer Fraud & Security, 1998(8), 14-17.
    Xu, L., Huang, D., & Tsai, W. T. (2014). Cloud-based virtual laboratory for network security education. IEEE Transactions on Education, 57(3), 145-150.

    下載圖示
    QR CODE