9th Colloquium for Information Systems Security Education.Georgia Institute of Technology Atlanta, Georgia, 6-9, June 2005
The 2005 CiSSE proceedings was produced for the Colloquium for Information Systems Security Education by The Printing House, Inc. Abstracting is permitted with credit to the source. Libraries are permitted to photocopy beyond the limit of U.S. copyright law for private use of patrons those articles in this volume that carry a code at the bottom of the first page. All rights reserved. Copyright ©2005 by the Colloquium for Information Systems Security Education.
Abstract – The formation of a new research and postgraduate education institute, the Information Security Institute (ISI), was proposed for the Queensland University of Technology in 2004. The ISI concept involves a collaborative research undertaking of the Faculty of Built Environment and Engineering (BEE), the Faculty of Business (BUS), the Faculty of Information Technology (IT), and the Faculty of Law (LAW). The formation of the ISI was put forward as the next logical step in consolidating the already acknowledged expertise that the university had developed in all aspects of information security over the past 16 years. The ISI has been established to pursue multi-disciplinary research in technology, legal, policy and governance issues related to all aspects of information security and assurance.
Abstract—The East Stroudsburg University of Pennsylvania undergraduate Computer Security Program is offered as a model for colleges and universities who would like to incorporate information assurance education, and perhaps a new degree program, into their existing computer science programs. The lessons learned by the faculty involved in the ESU program will be illustrated.
Abstract – The Software Engineering Institute1 (SEI) seeks to transition courseware, materials and a survivability and information assurance curriculum to various departments at institutions of higher education, with a particular focus on Minority Serving Institutions (MSIs) and community colleges. Rather than build an infrastructure to accomplish this, the SEI utilizes partnerships which leverage the strengths of the SEI and the strengths of the partner educational institutions and builds upon existing trusted relationships and infrastructure, and sustains the incorporation of new and evolving materials. Leveraging other complementary programs, events and organizations broadens the offering and makes it more cost effective to all parties concerned. Over the past three years, the SEI has developed a four-pronged approach for its educational outreach in information assurance, with the goal of increasing the educational IA capacity.
Abstract – The development of best practices and checklists to improve system security has popularized techniques and technologies for strengthening systems. These techniques provide a basis for teaching the importance of assumptions in computer and information security, and the necessity of questioning them. We present an example of analyzing a set of security guidelines to determine the underlying assumptions, and give examples of how to demonstrate the importance of the assumptions to the effectiveness of the guidelines.
Abstract – In 2004, a workshop was held in San Antonio, TX to discuss the possibility of establishing a national collegiate cyber security competition. Academicians and students from across the nation were invited to discuss the possibility and to share their ideas on how such a competition should be conducted. A report was generated later that year detailing the recommendations from that workshop. Several of the participants from Texas schools agreed at the competition to develop a regional competition and to conduct it the next academic year. This paper discusses the resulting Collegiate Cyber Defense Competition.
Abstract - In developing a new set of courses in Information Assurance at Penn State University’s School of Information Science and Technology, a group of upperclassmen with previous Information Assurance experience were recruited by professors to develop a series of educational lab assignments. These labs were developed using Problem Based Learning concepts encouraging student understanding and exploration as opposed to a more step-by-step and purely methodical approach. In conjunction these students were responsible for creating a network environment as a platform for these labs that would also be capable of supporting undergraduate research of Information Security issues.
Abstract: Information Security courses such as Network Security and Database Security require the need for students to test the concepts taught. In order to develop effective countermeasures the students must first learn about the effects of attacks on networks. In a live network of an academic institution it is impossible to provide such a facility for testing and development. A stand-alone Information Security Lab was envisioned for this purpose and was developed over the past two years.
Abstract - Network and computer courses need dedicated laboratories for students to carry out hands-on assignments and course projects. Typically, these projects require each student to be given administrative access to an entire, isolated network of computers. The obvious approach of creating one dedicated physical network for each student is prohibitively expensive, both in terms of hardware costs, as well as the management overhead in setting up and administering these networks. We have therefore developed a platform where logically isolated virtual networks of computers can be set up very easily. The platform greatly simpli es administration of virtual networks by automating the startup and shutdown of these networks.
Abstract - One of the main impediments to establishing an IA program is the requirement of a laboratory facility that will reinforce concepts taught in class with hands-on experiences. This is due to the fact that an IA lab is difficult to build and maintain as it needs to be dedicated and isolated and cannot be part of a general purpose campus laboratory. Many schools cannot a®ord a separate labora- tory just for an IS course. In this paper we present the design of a virtual laboratory that will allow multiple insti- tutions to share one physical laboratory. This design was done as part of an NSF capacity building project to establish a centralized laboratory facility at Polytechnic that can be used by schools in the tri-state area surrounding NY City.
Abstract – In December 2001 a meeting of interested parties from fifteen four-year IT programs from the US along with representatives from IEEE, ACM, and ABET (CITC-1) began work on the formalization of Information Technology as an accredited academic discipline. The effort has evolved into SIGITE, the ACM SIG for Information Technology Education. During this period three main efforts have proceeded in parallel: 1) Definition of accreditation standards for IT programs, 2) Creation of a model curriculum for fouryear IT programs, and 3) Description of the characteristics that distinguish IT programs from the sister disciplines in computing.