Archives

Papers

The East Stroudsburg University of Pennsylvania undergraduate Computer Security Program is offered as a model for colleges and universities who would like to incorporate information assurance education, and perhaps a new degree program, into their existing computer science programs. The lessons learned by the faculty involved in the ESU program will be illustrated.

A graduate-level course on security vulnerability assessments, including practical experience at commercial firms, has become a cornerstone of our Information Assurance curriculum. The hands-on nature of the course, designing, performing and experiencing an actual team-based security assessment, significantly deepens the level of understanding for students. Blending academic and training aspects yields a course with significant content and a unique opportunity-based delivery mechanism while at the same time providing favorable exposure of the program to the community. The development of the course has been a journey through many challenges, most of which are resolved through adequate pre-class preparations. Feedback from students has shown the long-term value of a true comprehensive applied course.

This paper discusses the work at three collaborating institutions to develop, test, and disseminate educational materials on secure network protocols that can be used in both undergraduate and graduate studies. The materials will be developed in alignment with existing education/training standards in information assurance and security. In addition, the authors have created a set of requirements for development of the materials that enables their reuse by faculty at other institutions. This paper describes our methodology for creating reusable learning modules in secure protocols.

On 15 August 2004, DoD Directive 8570.1 Information Assurance Training, Certification, and Workforce Management was issued, which required the training and education of the IA Workforce with the appropriate tracking and certification mechanisms. This is a massive task and to date no clear guidance has been released directing how the military services should accomplish this task. This document explains a methodology to approach this requirement that maps existing military courses with CNSS IA Standards and offers a process to allow seamless use of existing classes with web-based courses to fulfill the directive.

The formation of a new research and postgraduate education institute, the Information Security Institute (ISI), was proposed for the Queensland University of Technology in 2004. The ISI concept involves a collaborative research undertaking of the Faculty of Built Environment and Engineering (BEE), the Faculty of Business (BUS), the Faculty of Information Technology (IT), and the Faculty of Law (LAW). The formation of the ISI was put forward as the next logical step in consolidating the already acknowledged expertise that the university had developed in all aspects of information security over the past 16 years. The ISI has been established to pursue multi-disciplinary research in technology, legal, policy and governance issues related to all aspects of information security and assurance.

This paper applies the NIMSAD framework to the evaluation of IA education projects. The framework considers elements relating to the education process, the education practice, and the educators as project teams. It is proposed that the evaluation of the above elements takes place at a minimum of three time periods using the criteria of efficacy, efficiency and effectiveness. The framework recognizes the importance of the human element and provides a holistic process to evaluating IA education projects. The generic nature of the framework allows its adaptation to other curriculum development, IT and security related projects and research.

The development of best practices and checklists to improve system security has popularized techniques and technologies for strengthening systems. These techniques provide a basis for teaching the importance of assumptions in computer and information security, and the necessity of questioning them. We present an example of analyzing a set of security guidelines to determine the underlying assumptions, and give examples of how to demonstrate the importance of the assumptions to the effectiveness of the guidelines.

In addition to managing the security of data assets, Information Technology (IT) has taken a significant role in managing the enforcement of corporate Acceptable Use Policies (AUPs). Human Resource departments rely on IT to monitor employee adherence to these policies. The ability of IT to monitor and investigate suspicious employee behavior and the direct violation of corporate AUPs represents an important element of managing information security. IT staff use some of the same computer forensic skills practiced by law enforcement, but investigations often require an extension of those skills to meet the unique nature of corporate surveillance and investigation.

The purpose of CyberCIEGE is to create an extensible Information Assurance (IA) teaching and learning laboratory. Through a scenario definition language, educators can create simulations to demonstrate specific IA concepts. In addition to rigorous scientific foundations, it involves the application of abstract principles to a virtual world. This hands-on virtual laboratory provides a dynamic and often surprising context where abstract principles can be applied.

Information Security courses such as Network Security and Database Security require the need for students to test the concepts taught. In order to develop effective countermeasures the students must first learn about the effects of attacks on networks. In a live network of an academic institution it is impossible to provide such a facility for testing and development. A stand-alone Information Security Lab was envisioned for this purpose and was developed over the past two years.

One of the main impediments to establishing an IA program is the requirement of a laboratory facility that will reinforce concepts taught in class with hands-on experiences. This is due to the fact that an IA lab is difficult to build and maintain as it needs to be dedicated and isolated and cannot be part of a general purpose campus laboratory. Many schools cannot afford a separate laboratory just for an IS course. In this paper we present the design of a virtual laboratory that will allow multiple institutions to share one physical laboratory. This design was done as part of an NSF capacity building project to establish a centralized laboratory facility at Polytechnic that can be used by schools in the tri-state area surrounding NY City.

This paper responds to issues raised by Information Assurance (IA) researchers and teachers, ([1], [2], [3]) on the cross-disciplinary nature of the field. It seeks to expand the debate on the content of forensic computing, information security and information warfare curriculum by proposing a minor stream (or track) in Information Assurance which could serve as part of a broad range of undergraduate programs. These include degrees in science, social science or business rather than the technical ones, such as computer science and IT, where the IA minor stream is currently located.

The Software Engineering Institute (SEI) seeks to transition courseware, materials and a survivability and information assurance curriculum to various departments at institutions of higher education, with a particular focus on Minority Serving Institutions (MSIs) and community colleges. Rather than build an infrastructure to accomplish this, the SEI utilizes partnerships which leverage the strengths of the SEI and the strengths of the partner educational institutions and builds upon existing trusted relationships and infrastructure, and sustains the incorporation of new and evolving materials. Leveraging other complementary programs, events and organizations broadens the offering and makes it more cost effective to all parties concerned. Over the past three years, the SEI has developed a four-pronged approach for its educational outreach in information assurance, with the goal of increasing the educational IA capacity.

In developing a new set of courses in Information Assurance at Penn State University’s School of Information Science and Technology, a group of upperclassmen with previous Information Assurance experience were recruited by professors to develop a series of educational lab assignments. These labs were developed using Problem Based Learning concepts encouraging student understanding and exploration as opposed to a more step-by-step and purely methodical approach. In conjunction these students were responsible for creating a network environment as a platform for these labs that would also be capable of supporting undergraduate research of Information Security issues.

In December 2001 a meeting of interested parties from fifteen four-year IT programs from the US along with representatives from IEEE, ACM, and ABET (CITC-1) began work on the formalization of Information Technology as an accredited academic discipline. The effort has evolved into SIGITE, the ACM SIG for Information Technology Education. During this period three main efforts have proceeded in parallel: 1) Definition of accreditation standards for IT programs, 2) Creation of a model curriculum for four-year IT programs, and 3) Description of the characteristics that distinguish IT programs from the sister disciplines in computing.

Modeling, simulation, and visualization play a significant role in the study of Information Assurance and Infrastructure Security. Research in this area is generally multidisciplinary in nature and collaboratively conducted by researchers with expertise in computer science, engineering, business, mathematics, and statistics. The paper presents modeling, simulation, and visualization of a hypothetical network system using the Easel agent-oriented programming language. The network system is represented as a multi-agent system. This multi-agent approach provides a more complete understanding of network attack and defense postures, network dynamics, and the computation of network security.

At the 7th and 8th Annual CISSE conferences, case studies were presented describing a process for adding a three-course track in information assurance to the curriculum of a small, private university in the Pacific Northwest, with only a moderate budget and without hiring additional permanent faculty. [1, 2] In this paper, we finish describing the evolution of that curriculum, by discussing the third, and final, course in the series—Secure Code. [3] This course was designed to lead a primarily professional, mature student audience to a learning epiphany that would change their behaviors as developers. To achieve this end, the authors developed a pedagogical model for designing IA curriculum that draws on sources from both East and West. Indeed, several months later, after having completed the course, students indicated they still were using the secure coding techniques they were taught.

In 2004, a workshop was held in San Antonio, TX to discuss the possibility of establishing a national collegiate cyber security competition. Academicians and students from across the nation were invited to discuss the possibility and to share their ideas on how such a competition should be conducted. A report was generated later that year detailing the recommendations from that workshop. Several of the participants from Texas schools agreed at the competition to develop a regional competition and to conduct it the next academic year. This paper discusses the resulting Collegiate Cyber Defense Competition.

In this paper we discuss the need for an Information Assurance (IA) curriculum standard for college level IA programs. Existing IA standards emphasize professional training as opposed to education, and are not general enough for typical undergraduate programs. We present curriculum development efforts from colleges based on existing standards, which demonstrates the problems with these standards. We propose a process for the creation of a standardized IA curriculum that could serve as a model for college IA programs. The process for designing a standardized IA model is based on a successful curriculum design model from MIT.

Network and computer courses need dedicated laboratories for students to carry out hands-on assignments and course projects. Typically, these projects require each student to be given administrative access to an entire, isolated network of computers. The obvious approach of creating one dedicated physical network for each student is prohibitively expensive, both in terms of hardware costs, as well as the management overhead in setting up and administering these networks. We have therefore developed a platform where logically isolated virtual networks of computers can be set up very easily. The platform greatly simplifies administration of virtual networks by automating the startup and shutdown of these networks.

 
 