Giving Failure a Place in Information Security: Teaching Students to Use the Post- Mortem as a Way to Improve Security

Author:
Patricia Logan, Ph.D., Tracy Christofero, Ph.D.
File Size:
325.74 kB
Date:
01 July 2009
Downloads:
823 x

Despite state-of-the-art technologies and enhanced organizational policies, the security of corporate data is not a guarantee. The possibility of the failure of security, however, is. Given the certainty of failure, it is surprising that information security curricula do not include post-incident reviews to gather the lessons learned from failure and to better prepare students to enter the workforce ready to plan for and manage security incidents.This paper proposes that undergraduate and graduate courses in information security include the topic of failure, and address the performance of a post-incident (post-mortem) review as a best practice.

Giving Failure a Place in Information Security: Teaching Students to Use the Post- Mortem as a Way to Improve Security