Security research published in academic journals rarely finds its way to the business community or into the classroom. Even though the research is of high quality, it is written in a manner that is difficult to read and to understand. This paper argues that one way to get this academic research into the business community is to incorporate it into security classrooms. To do so, however, academic articles need to be adapted into a classroom-friendly format. This paper suggests ways to do this and provides an example of an academic article that was adapted for use in a security management class.
Alter, S. (2001). "Recognizing the Relevance of IS Research and Broadening the Appeal and Applicability of Future Publications." Communications of the Association for Information Systems, 6(3): 1-9.
Bennis, W. G. and O'Toole, J. (2005). "How Business Schools Lost Their Way." Harvard Business Review March: 96-104.
Boukhonine, S., Krotov V., and Rupert, B. (2005). "Future Security Approaches to Biometrics." Communications of the Association for Information Systems, 16(48).
Cappel, J. J. and Schwager, P.H. (2002). "Writing IS Teaching Cases: Guidelines for JISE Submissions." Journal of Information Systems Education, 13(4): 287-293.
Cavusoglu, H., Mishra, B., Raghunathan, S. (2005). "The Value of Intrusion Detection Systems in Information Technology Security Architecture." Information Systems Research, 16(1): 28-46.
Dhillon, G. (2001). "Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns." Computers & Security, 20(2): 165-172.
Dhillon, G. and Moores, S. (2001). "Computer crimes: theorizing about the enemy within." Computers & Security, 20(8): 715-723.
Dhillon, G., Silva, L., and Backhouse, J. (2004). "Computer Crime at CERORMA: a case study." International Journal of Information Management, 24(6).
Dillon, R. L. (2003). “Including Technical and Security Risks in the Development of Information Systems: A Pragmatic Risk Management Model.” Proceedings of the 24th International Conference on Information Systems, Seattle, WA.
Gal-Or, E. and Ghose, A. (2005). "The Economic Incentives for Sharing Security Information." Information Systems Research, 16(2): 186-208.
Hsu, C. and Backhouse, J. (2002). "Information Systems Security Education: Redressing the Balance of Theory and Practice." Journal of Information Systems Education, 13(3): 211-218.
Ives, B. and Krotov, V. (2006). "Anything You Say Can Be Used Against You in a Court of Law: Data Mining in Search Archives." Communications of the Association for Information Systems, 19(29).
Junglas, I. and Ives, B. (2007). "Recovering IT in a Disaster: Lessons from Hurricane Katrina." MISQ Executive, 6(1).
Kayworth, T., Brocato, L. Whitten, D. (2005). "What is a Chief Privacy Officer? An analysis based on Mintzberg's Taxonomy of Managerial Roles." Communications of the Association for Information Systems, 16(6).
Keen, P. (1991). “Relevance and Rigor in IS Research: Improving Quality, Confidence, Cohesion and Impact”, in Information Systems Research: Contemporary Approaches and Emergent Traditions, eds. H. E. Nissen, H. K. Klein and R. Hirshheim. Amsterdam, Elsevier Science, IFIP.
Kendall, K. E., Kendall, J.E., Lee, K. (2005). "Understanding Disaster Recovery Planning through a Theater Metaphor: Rehearsing for a show that might not open." Communications of the Association for Information Systems, 16(51).
Nevill, N. and Wood-Harper, T. (2001). "Choice of Target Audience for IS Research: Reflections on Discussions with IS Academic Leaders in the UK." Communications of the Association for Information Systems, 54(4): 1-37.
Siponen, M. and Iivari, J. (2006). "Six Design Theories for IS Security Policies and Guidelines." Journal of the Association for Information Systems, 7(7): 445-472.
Sirias, D. (2002). "Writing MIS Mini-Cases To Enhance Cooperative Learning: A Theory of Constraints Approach." Journal of Information Systems Education, 13(4): 351-356.
Straub, D. and Welke, R. (1998). "Coping With Systems Risk: Security Planning Models for Management Decision Making." MIS Quarterly, 22(4): 441-469.
Taylor, R. G. (2006). “Management Perception of Unintentional Information Security Risks.” Twenty-seventh International Conference on Information Systems, Milwaukee, WI.
Taylor, Richard G.
"Making Molehills Out of Mountains: Bringing Security Research to the Classroom,"
Journal of Digital Forensics, Security and Law: Vol. 2
, Article 3.
Available at: http://commons.erau.edu/jdfsl/vol2/iss4/3