資訊科技迅速發展，隨之而來的是，資訊安全的議題不斷地被討論並逐漸重視，在各項產業的影響亦十分巨大，然而資訊安全技術日新月異，學校的資訊安全教育卻偏重於傳統的理論講授，較無法完整涵蓋現下實體世界所需的實務技能，因此無法完整培養學生資訊安全的實務能力。
為了培養符合業界需求的資安人才，本研究提出資訊安全教育實務導向教學，在動手實作的課程中引進業界講師並加入社交學習的活動。研究設計兩種資安實務導向課程，分別進行兩次實驗。實驗一的資訊安全實務工作坊在七天的全業界講師課程中探討動手實作與業界講師對學生的影響，其後根據實驗一的結果，在為期一學期的實驗二之資訊安全實務選修課程中再加入社交學習環境，探討動手實作、業界講師、觀摩環境、合作環境、競爭環境對學生學習成效與學習態度的影響。
本研究透過測驗與問卷評估學生於態度與資安能力上的改變，實驗結果發現：動手實作的課程能提升學生對資安理論與實務的重視度與學習興趣，業師帶領的資安實務課程能讓學生接觸最新議題與技術，以及瞭解就任資安相關工作需具備的能力。而社交學習環境中，學生透過競爭環境提升主動學習的動機，而聊天室則可讓不同看法與專長的學生相互交流進行學習。
相關研究發現能對資訊安全教育提供實際的建議，實務導向教學透過動手實作課程和引入業界講師與社交學習環境，可提升學生學習資訊安全理論與實務的態度和自我效能，進一步能提出未來資訊安全或其他工程教育上，實施動手實作課程、引入業界講師與社交學習環境之實務導向教學的可行方案。

With the rapid development of information technology, the issue of information security is being valued and constantly discussed, having a great impact in various industries as well. However, while the information security technology is changing with each passing day, its instruction is still based on traditional theories, which cannot fully foster students’ abilities and practical skills required in the authentic world and workplace.
To implement a practical instruction of information security, this study propose practice-oriented education with instructors from industry and social learning in hands-on activity. We design two practice-oriented course for two experiments. In the first experiment, a seven-day practice-oriented information security workshop was implemented, and the effects of hands-on learning activities and industry instructors on students learning were explored . The second experiment was conducted in a one-semester information security course, in which social leanring strategies were included to enhance students’ interaction. The effects of hands-on activities, industry instructors, and social learning environment on students’ learning were studied.
This study evaluated students’ abilities of information security and leaning attitudes through examinations, projects, and questionnaires. The research results show that students agreed more with the importance of both theoretical and practical aspects of information security and were more interested in them after hands-on learning. The real-world experiences from the industry instructors provided students with access to the latest issues and technologies in the field of information security. In the social learning environment, students’ motivation was promoted by active learning in the competitive activities. In the chatroom, students having diverse and divergent opinions or expertise could communicate with each other.
The findings of this research could provide suggestions about the design and implementation of practice-oriented instruction for information security by applying hands-on activities and social learning, and introducing industry instructors.

中文部份

黃彥棻（2016年1月17日）。一次看懂CTF資安攻防賽。2018年11月10日，取自：https://www.ithome.com.tw/news/102969
趙正宇, & 李倫銓. (2014). CTF 攻防競賽平台設計. 資訊安全通訊, 20(4), 54-58.

英文部份

Araujo, F., Shapouri, M., Pandey, S., & Hamlen, K. (2015, August). Experiences with honey-patching in active cyber security education. In Proceedings of the 8th Workshop on Cyber Security Experimentation and Test (CSET).
Bandura, A, Ross, D & Ross, S.A (1963). Vicarious Rienforcement and Imitative Learning. Journal of Abnormal and Social Psychology, 67(6), 601-607.
Brewer, M. (1990). Sandwich Courses, United Kingdom. Journal of Cooperative Education, 26(2), 14-22.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548.
Burguillo, J. C. (2010). Using game theory and competition-based learning to stimulate student motivation and performance. Computers & Education, 55(2), 566-575
Chen, L. C., & Lin, C. (2007, June). Combining theory with practice in information security education. In Proceedings of the 11th Colloquium for Information Systems Security Education (pp. 167-171).
Conklin, A. (2006, January). Cyber defense competitions and information security education: An active learning solution for a capstone course. In System Sciences, 2006. HICSS'06. Proceedings of the 39th Annual Hawaii International Conference on (Vol. 9, pp. 220b-220b). IEEE.
Cox, K. (1997). Work-based learning. British journal of hospital medicine, 57(6), 265-269.
Cynthia B. Edmond(2001). A new paradigm for practice education. Nurse Educ Today,21(4),251-9.
Eagle, C. (2013). Computer security competitions: Expanding educational outcomes. IEEE Security & Privacy, 11(4), 69-71.
EDUCAUSE (2014). The future of mobile computing, 04/2011, accessed in Nov. 2014, http://net.educause.edu/ir/library/pdf/ESPNT1b.pdf.
Hill, J., Carver Jr, C. A., Humphries, J. W., & Pooch, U. W. (2001, February). Using an isolated network laboratory to teach advanced networks and security. In ACM SIGCSE Bulletin (Vol. 33, No. 1, pp. 36-40). ACM.
Jenkins, H. (2008). Convergence Culture: La cultura de la convergencia de los medios de comunicación [Convergence culture: Where old and new media collide].(P. Hermida Lazcano, Trans.) Buenos Aires.
Kim, B.-H., Kim, K.-C., Hong, S.-E., & Oh, S.-Y. (2017). Development of cyber information security education and training system. Multimedia Tools & Applications, 76(4), 6051–6064.
Loveland, S. (2011). Human computer interaction that reaches beyond desktop applications, Proc. of the 42nd ACM Tech. Symposium Computer Science Education (SIGCSE 11), 2011, pp. 595–600.
Raush, H. L., Barry, W. A., Hertel, R. K., & Swain, M. A. (1974). Communication conflict and marriage. Jossey-Bass.
Renuga, M., & Ezhilan, S. (2014). Soft Skills: A Professional Development Curriculum to Enhance the Employability of Engineering Students. Language in India, 14(4), 82–130.
Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8), 816-826.
Sanz-Martos, Sandra; Reig-Hernández, Dolors (2013). “El aprendizaje social y los profesionales de la información”. El profesional de la información, noviembre-diciembre, v. 22, n. 6, pp. 545-553.
Serapiglia, A. (2016). The Case for Inclusion of Competitive Teams in Security Education. Information Systems Education Journal, 14(5), 25.
Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31-41.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS quarterly, 441-469.
Tabor, S. W. (2007). NARROWING THE DISTANCE. Quarterly Review of Distance Education, 8(1).
Trabelsi, Z., Al Matrooshi, M., Al Bairaq, S., Ibrahim, W., & Masud, M. M. (2017). Android based mobile apps for information security hands-on education. Education and Information Technologies, 22(1), 125-144.
Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91-95.
Whitman, M. E., & Mattord, H. J. (2004, October). Designing and teaching information security curriculum. In Proceedings of the 1st annual conference on Information security curriculum development (pp. 1-7). ACM.
World University Service Austria. Practice-oriented Education. 2019, Jenuary, 16th, Retrieved from: https://www.wus-austria.org/subtarget/0/36.html
Wright, M. A. (1998). The need for information security education. Computer Fraud & Security, 1998(8), 14-17.
Xu, L., Huang, D., & Tsai, W. T. (2014). Cloud-based virtual laboratory for network security education. IEEE Transactions on Education, 57(3), 145-150.