Information security is a growing part of the information technology function in an organization. Higher learning institutions generally do not provide much "hands-on" exposure to information security concepts due to costs, internal information security concerns, and a lack of worthwhile exercises that cater to students. We have created a collaborative virtual computer laboratory (CVCLAB) that seeks to leverage a large group of virtual computers together with specially designed laboratory exercises in order to create a learning environment for information security. We studied the impact of collaborative work on student learning using controlled experiments in the CVCLAB. In this paper, we are investigating how to best utilize the virtual computers for teaching information security debating such issues as whether learning is greater when exercises are conducted in groups or as individuals. We developed a research model based on Kolb's Experiential Learning Theory and used an exploratory factor analysis to answer the research questions.