Ensemble View on Designing Pedagogical Online Information Security Laboratories

Sammanfattning: Distance education and e-learning in the field of information security is gaining popularity. An online information security programme is supposed to include plenty of hands-on exercises, but in most cases the lab experiments are unavailable to distance students that represent a challenge in online education. In information security education, virtual labs facilitate hands-on learning in distance education. An online information security lab is an artefact which involves a collection of systems and software used for teaching information security, and which is accessible through the Internet. However, the design, development and implementation of an online InfoSec lab has many challenges. This research is motivated from an on-going information security lab development initiative at Luleå University of Technology (LTU). Thus, the researcher focused on the question of how we can design a pedagogical online InfoSec lab which is flexible, usable and adapts to different educational contexts. The current literatureabout online InfoSec labs still lacks well-specified pedagogical approaches and concrete design principles. This hinders the accumulation of technical and pedagogical knowledge for the implementation and use of online educational InfoSec labs. Moreover, the literature focuses mainly on details of technical lab implementations, whereas the pedagogical elements of the curriculum and the rationale behind them were ignored. This leads to inadequate guidance about how the instructor and the learner can make use of the lab to pedagogically align the course objectives, teaching / learning activities and assessment methods. In order to design an online InfoSec lab to improve flexible hands-on education and security skills development the Action design research (ADR) approach was chosen. The ultimate goal is to design an ensemble IT artefact as a result of emerging design, use, and refinement in context through continuous interaction between technology and organization during the design process. Following the IT-dominant BIE process of ADR approach made it possible not only to develop the lab and instantiate it in different courses but also to formulate design principles and abstract the findings to a generalizable level. Furthermore, a framework for evaluation in design science research (FEDS) was adopted for evaluation purposes. The framework was used to conduct formative and summative evaluations. Feedback from all the stakeholders including teachers and students showed that the online InfoSec lab is a usable learning media for hands-on education from a distance. This research contributes by showing the design, development and implementation of an online InfoSec lab aimed at the improvement of hands-on education and evaluation of its use in context. Following technology as a development project perspective of an ensemble view, my research work at its current status contributes by serving two major purposes. First, this study proposed a conceptual design model of an online InfoSec lab comprising important building blocks or entities. The study conceptualizes the online InfoSec lab as an ensemble artefact. This study unfolded the black-box tools view of the lab so as to understand and explain the important building blocks (entities of the lab), and the interrelationships of the entities. This study provides conceptual clarity given the existing literature on online InfoSec labs, by recognizing the stakeholders and explaining their roles for each entity in the proposed conceptual model of an online InfoSec lab; this is a view which has not been recognized or discussed in similar earlier works. Second, the study suggests design principles for implementing a conceptual model of an online InfoSec lab in different educational contexts. The emerging design principles were shaped during this research work together with the other stakeholders. The design principles such as Contextualization based on programme goals, Contextualization based on course goals, Pedagogical alignment of lab activities, Flexible learning, Collaborationamong lab stakeholders, Scalability, User friendly interface with properly arranged resources and targets and Isolate the InfoSec lab incorporate the socio-technical perspective, which ensures that the resulting artefact developed using these principles should be an ensemble artefact. The design principles can provide support to practically construct, implement and test the online InfoSec lab. The study introduced a productive learning media (InfoSec lab) that is designed to meet the active learning preferences of distance learners of information security, such as support for flexible and individualized hands-on learning. Practitioners wishing to include lab activities in their courses and programmes can utilize this knowledge to understand fully how much human and technical resources are needed to design the lab and conduct exercises.