Archives

Papers

This paper describes an integrative approach for teaching information systems (IS) security issues within an IS strategy and policy course. The educational strategy is to get students involved in thinking critically about information systems (IS) security issues in an executive role. The educational goal is for students to develop an information systems plan, thinking about security issues early—that is, while information systems are in the planning stage—and in concert with the all-too-often compartmentalized topic of ethics. The result is a strategic security planning module. The educational approach is described and outcomes mapped to a pair of accepted information security education standards.

Despite the continuous hard work that educators and organizations undertake to develop the skill base necessary to defend our national assets, it has become increasingly obvious that the United States and the rest of the world are ill prepared for an all-out cyber attack. One very valuable contribution to creating a workforce capable of addressing this important issue is the cyber defense exercise, which simulates the very environments our students will be charged with defending in their careers. In this paper, we explore cyber defense exercises from an educational perspective and investigate how recent work in this area can be leveraged to improve the security posture of the nation.

This paper describes an undergraduate certificate in Information Security that supplements the Baccalaureate degrees in Computer Science and Technology and Information Systems at Radford University with comprehensive coverage of information security. The paper presents the rationale behind our decision to develop a certificate and discusses the issues we encountered while developing and implementing the curriculum for the certificate.

Interdisciplinary collaborations are transforming the way we learn and the way we teach. This article is about expanding the congruent and often overlapping domains of Information Assurance and the Law. While IA curricula pay some heed to the effect of legal matters on security procedure and outcome, the curriculum has been heavily focused on computer science and management information systems. Through greater co-operation we feel that IA curricula may gain tremendous enrichment and increased understanding, not only of the Law, but of issues central to IA.

There has been a standard curriculum for Information Systems programs since the introduction of the DPMA Model Curriculum in 1981. Security management has been an important ingredient in all of the Information Systems curricula. For example, in the 1981 curriculum the CIS-13 course was titled EDP Audit and Controls and was taught much like it would be today, except the techniques were applied only to mainframes. The CNSS 4012 certification, for Senior Systems Managers, is a natural certification to be added to an Information Systems program.

This paper describes a project to use a virtual team approach to add information security topics to two graduate courses where these topics are not the primary focus, using student teams from those two courses working with students enrolled in an information security management course. Students worked on development of an implementation plan involving security issues for a fictitious business case. Results indicated increased security awareness of students in all three courses by the end of the semester, based on pre-test and post-test results.

As networked computers have become more accepted in businesses and homes, so has the recognition of a need to improve and simplify computer security, increase access to information, and ensure that data is not compromised. Leading the way in this effort is the U.S. Government, which focuses its efforts on what it defines as information assurance. One aspect of information assurance programs in both public and private organizations is workforce awareness training. The U.S. Government’s Department of Defense mandates such awareness training annually for all employees and contractors who use their information technology systems.

The security injections project at Towson University proposes to “inject” security across the foundational and upper-level courses at universities and community. To achieve this, we and our partner institutions design and develop a series of strategically placed, security-related, self-contained modules to be used in classes. An easy-to-use web portal serves as the repository and dissemination medium for modules targeted at computer literacy, CS1, CS2, and other courses. To date, this project has reached over 1000 students and we have held training workshops attended by 45 instructors at 5 institutions. Assessment instruments for student learning have been designed and controlled experiments with 19 classes in three institutions have shown promising results.

Training students in cyber defense requires an educational model that includes instruction, exercise, competition and certification. To be qualified, the student will need to not only understand the techniques and technology of cyber defense, but also be tested in a live environment, under stressful conditions, in their ability to maintain critical services, while thwarting real-world attacks. As the educator preparing this individual, what curriculum, tools and technologies are required to train and challenge your students from basic instruction through certification?

With the increase of information security programs and curricula, a number of laboratory experiments or exercises, laboratory-based courseware or courses have been developed for information security education. While most of the existing laboratory exercises/experiments focus on security issues in a wired network, this paper describes a series of laboratory exercises we’ve developed for demonstrating wireless network attacks and defenses using common open source tools. These laboratory exercises demonstrate the following concepts or methods: wardriving, eavesdropping, WEP key cracking/decryption, Man in the Middle, ARP cache poisoning, MAC spoofing and defense techniques of some of the attacks.

 
 