Yes, I strongly belief that teaching CIS students how to hack so that they can prevent hacking is ethical. One of the ACM Moral Imperatives notes that 'educational opportunities are essential to facilitate optimal participation of all organizational members. Opportunities must be available to all members to help them improve their knowledge and skills in computing, including courses that familiarize them with the consequences and limitations of particular types of systems.' Teaching CIS students how to hack upholds this principle. Furthermore, teaching them to prevent hacking means that we would be able to prevent one of the downfalls that the internet has brought about. In addition, through the approach of teaching students, we may also encourage research on how to prevent black hat hacking. An example would be making an institution that teaches students how to hack while allowing for extensive research on how to prevent black hat hacking and improve computer and network security systems.
From an ethical perspective, the reasons I support this issue is very similar to why I support ethical hacking. As noted in question 1, according to Brinkman, consequentialism is used to denote any theory of ethics that holds the consequence of an action, not motivation behind the action, makes the action good or bad. Teaching CIS students how to hack so that they can prevent hacking may lead to the prevention of data theft or fraud, making it a reasonable approach according to consequentialist theory. Furthermore, as noted above Spinello mentioned that utilitarian theory suggests that the right course of action is to promote the general good. If we teach students how to hack so that they can prevent hacking, we are encouraging the prevention of black hat hacking which promotes the general good in a society. In conclusion, I support the issue of teaching CIS students how to hack so that they can prevent hacking because it promotes the general good of a society according to the utilitarian theory, and its consequence may lead to the prevention of data theft or fraud.