Archives

This article examines the impact of a cross institutional faculty research mentorship program in Information Assurance (IA) on teaching and research at participating institutions. In this NSF funded project, security researchers invite community college and junior faculty to work jointly on research problems in IA and security. The program aims to enhance teaching in security at institutions in the Maryland Alliance for Information Security and Assurance (MAISA) through research. Its underlying philosophy is that research should inform teaching and teaching should, in turn, inform research.

Our institution prepares young men and women to enter military service each year. All of these officers are immediately integral to the ongoing conflict in cyberspace. Every mission in today’s military relies on cyberspace for successful accomplishment and every military member is an integral part of the day to day defense of our networks and information assurance. Every graduate of our institution must understand the art of the possible in the information and cyber domains and be prepared to integrate information and cyber techniques into ongoing operations to achieve the desired effects on the adversary.

Recent reports and testimonies to the U. S. Congress have brought into the public eye the massive extent to which U. S. information systems are penetrated by hackers and cyber spies. One recent report provided evidence that U. S. based university information systems are being used by cyber spies as collection and dissemination points for the fruits of their labors. These discoveries are leading to increased federal information security regulations. This report examines the current state of the use of systematic, well-formulated information security plans by colleges and universities.

A new systematic approach to information systems security education is proposed that includes the concepts of target, system and threat. These concepts cover the complete security context, and allow the Asset Protection Model (APM) the ability to define information systems security in a specific context. The APM is based on existing, well-established information assurance models. The APM provides cognitive support as well as a static and dynamic view of the model information.

Web application security has been an emerging topic while an increasing number of commercial applications are web-based. We are developing a new secure web development teaching tool, called SWEET (Secure WEB Development Teaching), to teach the students about web application security based on the life cycle of the application development. This paper describes the development of SWEET and provides an example of laboratory exercises on secure web communications. Experiences of incorporating SWEET in Information Assurance courses are also discussed.

This paper discusses how news stories are integrated into an introductory course on Computer Security and Ethics. The main emphasis in this paper is on two assignments that relate to computer security in the news. Special attention is paid to the second of these two assignments. This requires that students create a blog containing links to security news stories along with commentaries on those news stories. This blog is maintained through the entire semester. All of the students who chose to do this assignment during the fall 2009 semester have expressed enthusiasm for this project.

Many universities and community colleges with an Information Assurance major or concentration include a course or modules of a course covering the topics of law, ethics, and the affect of information assurance solutions on laws and ethics. In this paper, we discuss how we have applied an active learning approach to our course, “Legal Impacts of Computer Security Solutions”for both undergraduates and graduate students using the traditional classroom as well as an online learning environment.

The focus of this paper is to discuss observations and common issues that exist with respect to information assurance in rural and urban environments. Due to an often limited prior exposure to computer technology before starting college, students in rural and urban areas begin their studies with an experience deficit that provides an easy attack vector for identity thieves to exploit. In addition to potentially significant personal harm to the individual, losses that result have a negative impact on society. We propose an interdisciplinary approach to address the problem that incorporates the use of case studies to promote discussion and awareness in at risk student populations.

The fast growing demand on information security education, both in terms of the numbers of courses and students, presents a major challenge to developing and maintaining a laboratory facility that reinforces concepts and skills taught in class with hands-on experiences. In this paper, we present an approach for designing a Virtual Security Lab (VSL) that allows students to access the lab resources through Internet. The feedback from students enrolled in computer forensics class showed the positive results of using VSL for this course. Our experience provides valuable lessons for security education.

The Cyber Patriot National High School Cyber Defense Competition has completed its second pilot year. Results have been very promising with 170 schools participating in the 2009-2010 school year. Much, however, still needs to be accomplished in order for the competition to be a truly national competition. This paper will discuss the Cyber Patriot program, what has been accomplished, what is planned, and what is needed for it to be a national program. The paper will also discuss the ties between this program and the National Collegiate Cyber Defense Competition and how the relationship will benefit the competitions specifically and the state of cyber security education in general.