Vol. 3 No. 1 (2015): Journal of The Colloquium for Information Systems Security Education
Journal of The Colloquium for Information Systems Security Education

For the past nineteen years the Colloquium for Information Systems Security Education (CISSE) has been the one constant in the changing field of cybersecurity education. CISSE was established to provide the authoritative place for advancing meaningful ideas in cybersecurity teaching and learning. And in that respect, the communities of interest who participate in CISSE's workshops, academic and roundtable presentations represent a significant critical mass for the presentation and discussion the latest concepts methods and practices for effective cybersecurity education.

To reinforce the importance of this marketplace of ideas, there have been a growing number of pure academic papers presented at the conference. In order to maintain CISSE's well-established reputation as a source of new and evolving knowledge, it is important that those papers reflect the highest academic standards for the presentation of new ideas. Consequently the concepts submitted to the conference undergo a rigorous double blind refereeing process. And only the best of those are presented in individual sessions.

These sessions reflect themes of growing interest in the field of cybersecurity education. And the ideas contained in them provide the basis for excellence in teaching and learning. The papers that exhibit the most distinctive scholarship are then published in the Journal of the Conference. Given those rules of the road it should be understood that the contents of this edition of the Journal of the Colloquium for Information Systems Security Education (CISSE) represent the best current thinking about the methods and practices for educating the Nation's evolving cybersecurity workers. This requirement is a particularly important endeavor given the absolute need for a high quality skilled cybersecurity workforce to meet the difficult future cyber-challenges facing this Nation.

Formulating effective strategies for cybersecurity education is a much more difficult and complex task than the average person might appreciate. That is because, the basic educational experience encompasses learning at every stage from K-12 through advanced research settings. And each of these communities of practice have much different cultural norms and requirements. Moreover, the entire body of knowledge of the field itself spans the gamut from electronics and cryptography to the law, and physical and personnel security. Even content from fringe academic disciplines like military science play some role in the protection of our cyber infrastructure.

Thus, the awareness, training and education approaches we adopt need to be both wide-ranging and innovative. Accordingly, the contents of this Journal focus on groundbreaking ideas for satisfying the critical need for cybersecurity professionals. It will present and discuss a set of up-to-date approaches to ensuring a continuously capable workforce and it will outline the best practices necessary to ensure practical learning experiences for America's cybersecurity professionals.

What you will find in this issue are eleven carefully selected papers that discuss aspects of how to better integrate cybersecurity learning into the classroom. The articles here represent many avenues of thought. It is our considered opinion that this sort of wide-ranging dialogue comprises the first step in achieving excellence in cybersecurity education. And it further reinforces the importance of cybersecurity teaching in the overall efforts to ensure a stronger and safer America.

We would not have been able to do this alone, and so we would like to acknowledge Tamara Shoemaker for her outstanding work in managing the review process, and our colleagues who served as reviewers for this issue:

Assistant Paper Chairs and Reviewers:
Susanne Wetzel and Tanya Zlateva

Ping Wang, James Walden, Patricia Tamburelli, Themis Papageorge, Sherly Abraham, Douglas Blakemore, Denise Pheils, Terrance Campbell, Jason Pittman, Prem Uppuluri, Paul Wang, Richard Weiss, William Oblitey, Xinwen Fu, Imani Palmer and Zouheir Trabelsi

Dan Shoemaker, PhD.
Professor, Editor CISSE Proceedings


James Sullivan, Michael E. Locasto
pp. 20
A Structured Approach to Student-Discovered Bugs and Vulnerability Disclosure
Charles E. Wilson
pp. 19
Cybersecurity in the 21st Century: Applying Cyber Threat Intelligence
Masooda Bashir, April Lambert, Jian Ming Colin Wee, Boyi Guo, Nasir Memon
pp. 17
Exploring the Vocational Interests of Cybersecurity Competition Participants
John A. Chandy, Zhijie Shi, Mark Tehranipoor, Megan Welsh, Chujiao Ma, Ujjwal Guin, Qihang Qihang
pp. 19
Hardware Hacking: An Approach to Trustable Computing Systems Security Education
Shuangbao (Paul) Wang, William Kelly, Xiaoming Wang
pp. 18
HiSPO: A Novel Threat Analysis and Risk Mitigation Approach to Prevent Cyber Intrusions
Lorie M. Liebrock, Judy Holcomb, Kaley Goatcher, Jesse B. Crawford, Tyler Cecil
pp. 21
Impact of Net Neutrality and the Open Internet Order on Security and Privacy in Education
Anne Kohnke
pp. 23
Organization Security Controls for Effective Cyber Defense
Melissa Dark, Stephen Belcher, Ida Ngambeki, Matt Bishop
pp. 16
Practice, Practice, Practice ... Secure Programmer!
Weichao Wang, Chuang Wang, Le Xie, Wen-zhan Song, Yi Pan
pp. 19
Security Education for Smart Grid: Materials, Experiments, and Evaluation
Ida Ngambeki, Melissa Dark, Matt Bishop, Stephen Belcher
pp. 15
Teach the Hands, Train the Mind … A Secure Programming Clinic!
Shiu-Kai Chin
pp. 22
Teaching Undergraduates Certified Security by Design