Papers
All too often colleges and universities are viewed in the security community as weak links that are easily exploited by those intent on causing harm or disruption to networks connected to the Internet. As such, they are often viewed as Internet pariahs, outcasts on the Internet not conforming to the accepted rules of behavior in terms of securing their infrastructures. This does not have to be the case, however, and colleges and universities can actually become community leaders in security. This paper discusses how an academic institution can take a prominent role in the community through leadership in a community cyber security exercise. The paper describes the Dark Screen exercise conducted in San Antonio, Texas and the university’s role in conducting this and other exercises.
As Information Security and Assurance programs are designed and implemented throughout the country, many academicians begin to struggle with the development of this new and exciting curriculum. Information Security represents an area distinct from traditional Information Systems, Computer Science or Information Technology fields, yet shares some of the same challenges in managing a technology based field. Those not familiar with the specifics of the Information Security professional will find it difficult to develop curriculum without outside support. The purpose of this draft model curriculum is to provide best practices and lessons learned from a study of numerous programs throughout the country. It is an ongoing project that welcomes outside input.
Within the last two decades, Federal agencies have been directed to engage in large-scale change efforts to develop and implement IT security programs that protect organizational assets. These efforts have been guided by regulations such the Federal Information Security Management Act (FISMA) and Office of Management and Budget Circular A-130, Appendix III, each of which specify that programs must be designed and executed immediately. All too often, program development efforts focus on compliance with these regulations and do not take action that supports changing cultural values. This paper advocates Federal agencies taking an approach to program development that reaches beyond compliance and enables cultural change. In doing so, this paper discusses how individual behavior change and organization-wide cultural change occur. Finally, the paper provides a step-by-step process for establishing a communications element within the IT security program to enable lasting change.
At the 7th Annual CISSE conference, 2003, a case study was presented regarding adding information assurance to the curriculum of a small private university in the Pacific Northwest with only a moderate budget and without hiring additional permanent faculty. In this paper, we continue to describe the evolution of that curriculum, this time describing the challenges of finding the best way to teach computer forensics, a cross-discipline subject that requires not only technical expertise, but an understanding of the relevant legal and evidence-collecting guidelines that govern a computer forensics investigation. This paper discusses strategies used to design a computer forensics course that combines all of the necessary elements in a way that actively engages students in their own learning. Using resources available within the community and building the course around a business game, the school was able to launch an enthusiastically received course. Central to the curriculum, the business game allowed students to learn while simulating a real world criminal investigation culminating in an actual courtroom where students used the products of their investigations to testify as "expert witnesses." The original stimulus to create this course came from an NSA Center of Excellence (University of Idaho) sponsored Computer Forensics Workshop that encouraged universities with an information assurance track to introduce courses in Computer Forensics. The lessons learned from this effort could prove useful to other universities contemplating similar attempts.
This paper discusses the trends in crime to utilize computer systems and the Internet and the resultant need for law enforcement to be knowledgeable about computer systems. Law enforcement’s education needs in electronic forensics is discussed, followed by the description of a masters program designed to give specific skills in the area of computer forensics and the associated technologies to meet those needs.
This paper responds to issues recently raised by Valli [1] and Schou [2] on the issues of the development of a modern undergraduate IT Security (Information Assurance) curriculum which links professional certification to academia. It details methods by which both industry standards, perspectives and research questions and also the (ISC)2 body of knowledge may be embedded in the undergraduate IT Security curriculum and thus both academia and the IT Security profession may be satisfied.
If we want to correlate alerts from various intrusion detection system (IDS) sources, its is necessary that the sources of alerts agree on what they actually are seeing, on how to report what they are seeing and on the amount of information they should report. In this paper, we review the Intrusion Detection Message Exchange Format (IDMEF) data model as an event data exchange mechanism and analyze how different correlation algorithms are being utilized in real-life systems. Based on these analyses, we propose a simple taxonomy of intrusion alert correlation algorithms, to complement the IDMEF data model.
This paper describes the methodology, implementation and results from the formation and execution of an undergraduate information assurance student group. In February 2001, our institution formed a student chapter of the Association for Computing Machinery’s Special Interest Group for Security, Audit and Control (ACM-SIGSAC) due to extensive interest by the student body in computer security and information assurance, as well as an awareness of the critical need by the faculty. This was the first information assurance student chapter formed out of the more than 600 ACM student organizations worldwide. The chapter was formed with an interdisciplinary approach in order to include a larger portion of the student body and thus influence a larger audience. This approach proved successful. Over the past three years, the group has grown from an idea to a vibrant organization of approximately 600 students. We believe that we have struck a chord with the students that merits examination. The primary goal of this paper is to provide a descriptive resource to educators who wish to implement a student information assurance group. It includes the purpose and methodology behind the formation of the group, our successes and failures, our lessons learned, and potential future directions.
Despite an urgent need to protect information in computer systems critical to business and government, the inadequacy of many security products combined with overmarketing and overstated claims leaves information managers with nowhere to turn. Cyber security education is needed to provide a population of individuals who can make sound choices for the operation and acquisition of information protection. A prerequisite is an adequate population of educators. We describe workshops intended to help educators new to the area of Information Assurance. The multiple objectives are: to identify key foundational topics to educators, to teach lessons learned regarding topics difficult to convey to students, and to create a sense of community among Information Assurance educators.
Education and training in the discipline of information assurance must allow for a dual approach to this activity. This dual approach becomes clear when the problem of “expert witnessing” in the information technology area during legal proceedings is considered. The basic concern lies in the need to clarify educational objectives against a background of two different and often opposing “market” demands on the education and training process as well as on the underlying discipline content. The two opposing “forces” may be categorized as firstly the “computer science and engineering (CSE)” or “base technology” approach while the second may be identified as the “information systems (IS)” or “business requirements” approach, mirroring the debate in the general IT education arena.
The blackout during the summer of 2003 proved that our critical infrastructures, e.g., power grid, are vulnerable! According to experts in the Department of Homeland Security (DHS), the likelihood of a blended attack---physical and cyber—on our nation is relatively high. This paper makes the case for educators and curriculum developers to broaden current Information Assurance –focused curriculum, concepts and pedagogies to include” Infrastructure Assurance.” This paper will do this by: (1) describing and discussing the notion of convergence theory--the next attack will be a blended attack of physical and cyber dimensions; (2) identifying the components that comprise the U.S Critical Infrastructure;(3) discussing the notion of “Infrastructure Assurance” and its role in current Information Assurance curriculum; and (4) using a regional water supply system scenario, provide a framework for developing a Critical Infrastructure Protection (CIP) strategy framework and pedagogically integrating Infrastructure Assurance into existing Information Assurance curriculum.
Teaching computer science at the university level presents areas of potential conflict with computer services and their responsibility for delivering a secure network environment. This conflict is particularly evident in the case of computer security study where the use of course related tools may violate Acceptable Use Policies (AUPs) for the university network. Computer Science departments need to be accountable to the university community at large for the tools of instruction in these classes – particularly tools that will violate policies, such as key loggers, password cracking tools or vulnerability assessment software – and need to take measures to isolate those students, control the classroom activity and coordinate with computing services staff to preserve the integrity of the University computer network.
The main thesis of this paper is that Information Systems Security Engineering (ISSE) should be an essential element of introductory Systems Engineering (SE) courses. Based on a small informal survey, ISSE concepts seem not to be included in SE introductory courses. This paper, therefore, makes the argument that security learning objectives need to be integrated into the initial stages of teaching SE students. In the process of exploring whether SE students are properly exposed to ISSE, this paper reviews a current introductory SE course description and its learning objectives, provides sample security learning objectives, reviews the IEEE SE model, and finally suggests the Information Assurance Technical Framework (IATF) as one way of including security into SE models.
The demand for skills and knowledge in computer forensics has risen over the past decade in response to the increased use of computers and the Internet to commit crime. Computer forensics requires specialist technical skills. However, computer forensics is also cross-discipline, encompassing the areas of, criminology, psychology and criminal profiling, investigative techniques together with aspects relating to the law, expert witness and testimony. This paper introduces the nature and content of the computer forensics module at Curtin University and discusses the underpinning philosophy of the module and how it fits within a wider framework of the masters programs.
Information security education includes many topics, some technical and some managerial. One topic that is central to all of these is that of information security policy. Before policy can become the centerpiece of information security education, a coherent model that can encompass the broad range of the topic is needed. In addition to the essential elements of policy, students also need to be exposed to the best practices for managing information security policy. Once a teaching model for policy is selected, faculty can use lectures, project assignments and lab exercises to reinforce student learning.
Over the course of two and a half years, students at the University of Texas at Austin have developed a network and security research group that combines presentations, classes, and projects to produce highly skilled student researchers in a very short period of time. Their program exists independent of any official curriculum and is designed to combine self-motivated students’ desire to learn with an environment that allows them to exercise on that knowledge. This paper details the evolution and current structure of the group. It is intended for educators and students interested in creating similar organizations.
Copyright © 2024 CISSE™. All rights reserved.