Vol. 6 No. 1 (2018): Journal of The Colloquium for Information Systems Security Education

Since 1996 the Colloquium for Information Systems Security Education (CISSE) has been the voice of the academic element of the field of cybersecurity education. CISSE was established to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities involved in the protection of our nation’s information and its information and communication technology assets.

The Community meets every year in a different part of the country in order to elaborate and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education. In order to have any credibility as a source of new and evolving knowledge, it is important that the highest academic standards apply to the presentation of new knowledge to the membership.

Thus, the papers submitted to the conference undergo a double-blind refereeing process and a percentage are presented in individual sessions at the Conference. Once the Conference has ended, an Editorial Board selects a small set of papers that are considered to be important to the community at large. These are then processed as Journal publications. And that is what we are presenting to you here.

These publications reflect the best possible scholarship in the field of cybersecurity and their selection is highly competitive. It is the aim of this Journal to offer only the most outstanding scholarship available to it. However, the editors and publishers also work with new authors in order to help them to bring their work to publishable standards.

Given that background it should be understood that the ideas contained in this Journal represent the best thinking in the methods and practices for integrating cybersecurity education into conventional curricula. Cybersecurity is an emerging discipline. And make no mistake, it IS a separate discipline from any of the conventional computer studies. Thus, it is critical to publicize the broadest and most comprehensive range of meaningful new ideas about where the discipline will evolve going forward.

The idea of offering a forum to present and discuss revolutionary ideas separate from the present monolithic vision of the field might almost be too obvious. Nonetheless, that has not been the case in the past. That is true because there are a number of systemic and cultural challenges that have to be overcome before we can get a holistic understanding of this critical field. Therefore, the ideas presented here are not constrained by any preconceived notions of what the field ought to be like. Instead, we are focusing on their merit as a means of solving difficult problems that exist in our modern society.

The articles in this Journal address ways to more effectively leverage the range of sub-disciplines in the defense of information. Spreading the net as wide as possible is a particularly obvious and justifiable way to address threat. And that is our mandate and challenge to the researchers, and cybersecurity professionals of the future.

Effective strategies for protecting the organization against relevant electronic, human and physical threats require understanding the state of the various existing communities of practice within the educational landscape. Because the cultures of each of these communities of practice are so different, the awareness, training and education approach needs to vary. The contents of this Journal focus on developing and maintaining responses to every legitimate threat. It will present the wide range of these threats and provide solutions in the form of up-to-date approaches to ensuring a continuously capable response. It will focus on best practices for practical education and training for the modern cybersecurity profession.

What you will find in this issue are nine carefully selected articles that discuss aspects of existing threats or new issues that are arising. The articles here represent many avenues of thought. It is our considered opinion that this sort of wide-ranging dialogue constitutes the first steps in overcoming existing biases and lack of knowledge and it takes the first steps in ensuring that cybersecurity education will evolve into the kind of main tent profession that we all want it to be. We would not have been able to do this alone, and so we would like to acknowledge Tamara Shoemaker for her outstanding work in managing the review and production process, and our colleagues who served as reviewers for this issue: Alex Rudny, Allen Parrish, Ankur Chattopa, Anne Kohnke, Anyi Liu, Carl Willis-Ford, Deanne Wesley, Dipankar Dasgupta, Filipo Sharevski, Frank Hu, J.D. Chase, Johnathan Yerby, Joseph Ekstrom, Kevin Floyd, Michael McGregor, Mohamed About a, Natalija Vlajic, Prem Uppuluri, Rajendra Raj, Shamik Sengupta, Shiu-Kai Chin, Steven Fulton, Steven Brown, Steven Shih, Subrata Saluja, Weichao Wang, Xuguang Chen, and Yesem Pecker. With a special thanks to our Editorial Board, Barbara Endicott Popovsky, Ken Sigler, Marc Dupuis and William H Murray and our Design and Production Editor Andrew Belón.

Dan Shoemaker, Ph.D., Professor


Leah Winkfield, Yen-Hung Hu, Mary Ann Hoppa
pp. 19
A Study of the Evolution of Secure Software Development Architectures
Daniel Thomas Loughran, Mayar Kefah Salih, Vinitha Hannah Subburaj
pp. 24
All About SQL Injection Attacks
Deep Kakkar, Lori Gordon
pp. 20
Envisioning Alternate Futures Will Change Our Thinking About Cybersecurity
Oscar Ukpere, Steven Brown
pp. 17
Examining the Level of Education Factors on Reducing Data Security Breaches
Johnathan Yerby, Kevin Floyd
pp. 23
Faculty and Staff Information Security Awareness and Behaviors
Michael E. Whitman
pp. 21
Industry Priorities for Cybersecurity Competencies
Shuangbao (Paul) Wang, Amjad Ali, Ujjwal Guin, Anthony (Tony) Skjellum
pp. 16
IoTCP: A Novel Trusted Computing
George Onoh
pp. 18
Predicting Cyber-Attacks Using Publicly Available Data
Michael McGregor, Michael Haney
pp. 11
Quantum Key Exchange Simulator