Archives

The blackout during the summer of 2003 proved that our critical infrastructures, e.g., power grid, are vulnerable! According to experts in the Department of Homeland Security (DHS), the likelihood of a blended attack---physical and cyber—on our nation is relatively high. This paper makes the case for educators and curriculum developers to broaden current Information Assurance –focused curriculum, concepts and pedagogies to include” Infrastructure Assurance.” This paper will do this by: (1) describing and discussing the notion of convergence theory--the next attack will be a blended attack of physical and cyber dimensions; (2) identifying the components that comprise the U.S Critical Infrastructure;(3) discussing the notion of “Infrastructure Assurance” and its role in current Information Assurance curriculum; and (4) using a regional water supply system scenario, provide a framework for developing a Critical Infrastructure Protection (CIP) strategy framework and pedagogically integrating Infrastructure Assurance into existing Information Assurance curriculum.

Teaching computer science at the university level presents areas of potential conflict with computer services and their responsibility for delivering a secure network environment. This conflict is particularly evident in the case of computer security study where the use of course related tools may violate Acceptable Use Policies (AUPs) for the university network. Computer Science departments need to be accountable to the university community at large for the tools of instruction in these classes – particularly tools that will violate policies, such as key loggers, password cracking tools or vulnerability assessment software – and need to take measures to isolate those students, control the classroom activity and coordinate with computing services staff to preserve the integrity of the University computer network.

The main thesis of this paper is that Information Systems Security Engineering (ISSE) should be an essential element of introductory Systems Engineering (SE) courses. Based on a small informal survey, ISSE concepts seem not to be included in SE introductory courses. This paper, therefore, makes the argument that security learning objectives need to be integrated into the initial stages of teaching SE students. In the process of exploring whether SE students are properly exposed to ISSE, this paper reviews a current introductory SE course description and its learning objectives, provides sample security learning objectives, reviews the IEEE SE model, and finally suggests the Information Assurance Technical Framework (IATF) as one way of including security into SE models.

The demand for skills and knowledge in computer forensics has risen over the past decade in response to the increased use of computers and the Internet to commit crime. Computer forensics requires specialist technical skills. However, computer forensics is also cross-discipline, encompassing the areas of, criminology, psychology and criminal profiling, investigative techniques together with aspects relating to the law, expert witness and testimony. This paper introduces the nature and content of the computer forensics module at Curtin University and discusses the underpinning philosophy of the module and how it fits within a wider framework of the masters programs.

Information security education includes many topics, some technical and some managerial. One topic that is central to all of these is that of information security policy. Before policy can become the centerpiece of information security education, a coherent model that can encompass the broad range of the topic is needed. In addition to the essential elements of policy, students also need to be exposed to the best practices for managing information security policy. Once a teaching model for policy is selected, faculty can use lectures, project assignments and lab exercises to reinforce student learning.

Over the course of two and a half years, students at the University of Texas at Austin have developed a network and security research group that combines presentations, classes, and projects to produce highly skilled student researchers in a very short period of time. Their program exists independent of any official curriculum and is designed to combine self-motivated students’ desire to learn with an environment that allows them to exercise on that knowledge. This paper details the evolution and current structure of the group. It is intended for educators and students interested in creating similar organizations.