Case-based learning (CBL) approaches are critical to the education of tomorrow’s executives and managers. CBL instigates critical discussion, draws out relevant experiences from students, encourages questioning of accepted practices, and creates dialogue between theory and practice. There is unfortunately a lack of quality teaching resources to support CBL in information security management (ISM). In this paper, we address this need by developing, refining, and evaluating a teaching case of a hypothetical firm that suffers a catastrophic incident of intellectual property (IP) theft. Protecting IP is both complex and expensive as it involves developing enterprise-wide security mechanisms for the people, process, and technology dimensions of organizations. We drew the plot, narrative, characterization, dilemmas, and conflict from two landmark legal cases to focus on the three key areas of organizational security as defined by the joint task force on cybersecurity education—risk management, planning and strategy, and policy and governance. Our case was used to teach information security to Management Information Systems students enrolled in a Master’s Degree at the University of Melbourne, Australia. We subsequently developed a survey instrument to measure the utility of the teaching instrument for teaching. Survey data collected across 2 consecutive years indicated that students strongly agreed that the teaching case was relevant, realistic, engaging, challenging, and instructional.

基于案例的学习（CBL）方法对于明天的高管和经理的教育至关重要。CBL激发批判性讨论，从学生中汲取相关经验，鼓励质疑公认的实践，并在理论与实践之间进行对话。不幸的是，在信息安全管理（ISM）中缺乏支持CBL的高质量教学资源。在本文中，我们通过开发，完善和评估一个假设公司的教学案例来满足这种需求，该公司遭受了知识产权（IP）盗窃的灾难性事件。保护IP既复杂又昂贵，因为它涉及为组织的人员，流程和技术维度开发企业范围的安全机制。我们画了剧情，叙述，特征，困境，从两个具有里程碑意义的法律案件中，我们将重点放在组织安全的三个关键领域上，这三个领域是由网络安全教育联合工作组定义的，即风险管理，规划和策略以及政策和治理。我们的案例用于向在澳大利亚墨尔本大学攻读硕士学位的管理信息系统学生教授信息安全。随后，我们开发了一种测量仪器，以测量该教学仪器在教学中的效用。连续2年收集的调查数据表明，学生强烈同意该教学案例是相关的，现实的，引人入胜的，具有挑战性的和指导性的。以及政策和治理。我们的案例用于向在澳大利亚墨尔本大学攻读硕士学位的管理信息系统学生教授信息安全。随后，我们开发了一种测量仪器，以测量该教学仪器在教学中的效用。连续2年收集的调查数据表明，学生强烈同意该教学案例是相关的，现实的，引人入胜的，具有挑战性的和指导性的。以及政策和治理。我们的案例用于向在澳大利亚墨尔本大学攻读硕士学位的管理信息系统学生教授信息安全。随后，我们开发了一种测量仪器，以测量该教学仪器在教学中的效用。连续2年收集的调查数据表明，学生强烈同意该教学案例是相关的，现实的，引人入胜的，具有挑战性的和指导性的。