Teaching Information Security in Business Schools: Current Practices and a Proposed Direction for the Future

The growing importance of information security as a business issue has encouraged instructors to extend their courses beyond a hands-on, technical model to one that considers managerial and risk-based issues. In business schools, this shift has presented the pedagogical challenge of balancing the technical content fundamental to information security with the managerial content that the profession increasingly values. To draw on the best practices currently being undertaken in the classroom, we examine 44 information security course syllabi from business and other schools (i.e., computer science, engineering, information science, law, and mathematics). Using a qualitative approach, we identify the definitive technical and managerial-focused aspects of information security courses. Based on the results, we propose an introductory information security course that balances technical and non-technical content for business school students and that integrates the most innovative techniques used by today’s information security instructors.