Archives

One of the main impediments to establishing an IA program is the requirement of a laboratory facility that will reinforce concepts taught in class with hands-on experiences. This is due to the fact that an IA lab is difficult to build and maintain as it needs to be dedicated and isolated and cannot be part of a general purpose campus laboratory. Many schools cannot afford a separate laboratory just for an IS course. In this paper we present the design of a virtual laboratory that will allow multiple institutions to share one physical laboratory. This design was done as part of an NSF capacity building project to establish a centralized laboratory facility at Polytechnic that can be used by schools in the tri-state area surrounding NY City.

This paper responds to issues raised by Information Assurance (IA) researchers and teachers, ([1], [2], [3]) on the cross-disciplinary nature of the field. It seeks to expand the debate on the content of forensic computing, information security and information warfare curriculum by proposing a minor stream (or track) in Information Assurance which could serve as part of a broad range of undergraduate programs. These include degrees in science, social science or business rather than the technical ones, such as computer science and IT, where the IA minor stream is currently located.

The Software Engineering Institute1 (SEI) seeks to transition courseware, materials and a survivability and information assurance curriculum to various departments at institutions of higher education, with a particular focus on Minority Serving Institutions (MSIs) and community colleges. Rather than build an infrastructure to accomplish this, the SEI utilizes partnerships which leverage the strengths of the SEI and the strengths of the partner educational institutions and builds upon existing trusted relationships and infrastructure, and sustains the incorporation of new and evolving materials. Leveraging other complementary programs, events and organizations broadens the offering and makes it more cost effective to all parties concerned. Over the past three years, the SEI has developed a four-pronged approach for its educational outreach in information assurance, with the goal of increasing the educational IA capacity.

In developing a new set of courses in Information Assurance at Penn State University’s School of Information Science and Technology, a group of upperclassmen with previous Information Assurance experience were recruited by professors to develop a series of educational lab assignments. These labs were developed using Problem Based Learning concepts encouraging student understanding and exploration as opposed to a more step-by-step and purely methodical approach. In conjunction these students were responsible for creating a network environment as a platform for these labs that would also be capable of supporting undergraduate research of Information Security issues.

In December 2001 a meeting of interested parties from fifteen four-year IT programs from the US along with representatives from IEEE, ACM, and ABET (CITC-1) began work on the formalization of Information Technology as an accredited academic discipline. The effort has evolved into SIGITE, the ACM SIG for Information Technology Education. During this period three main efforts have proceeded in parallel: 1) Definition of accreditation standards for IT programs, 2) Creation of a model curriculum for fouryear IT programs, and 3) Description of the characteristics that distinguish IT programs from the sister disciplines in computing.

Modeling, simulation, and visualization play a significant role in the study of Information Assurance and Infrastructure Security. Research in this area is generally multidisciplinary in nature and collaboratively conducted by researchers with expertise in computer science, engineering, business, mathematics, and statistics. The paper presents modeling, simulation, and visualization of a hypothetical network system using the Easel agent-oriented programming language. The network system is represented as a multi-agent system. This multi-agent approach provides a more complete understanding of network attack and defense postures, network dynamics, and the computation of network security.

At the 7th and 8th Annual CISSE conferences, case studies were presented describing a process for adding a three-course track in information assurance to the curriculum of a small, private university in the Pacific Northwest, with only a moderate budget and without hiring additional permanent faculty. [1, 2] In this paper, we finish describing the evolution of that curriculum, by discussing the third, and final, course in the series—Secure Code. [3] This course was designed to lead a primarily professional, mature student audience to a learning epiphany that would change their behaviors as developers. To achieve this end, the authors developed a pedagogical model for designing IA curriculum that draws on sources from both East and West. Indeed, several months later, after having completed the course, students indicated they still were using the secure coding techniques they were taught.

In 2004, a workshop was held in San Antonio, TX to discuss the possibility of establishing a national collegiate cyber security competition. Academicians and students from across the nation were invited to discuss the possibility and to share their ideas on how such a competition should be conducted. A report was generated later that year detailing the recommendations from that workshop. Several of the participants from Texas schools agreed at the competition to develop a regional competition and to conduct it the next academic year. This paper discusses the resulting Collegiate Cyber Defense Competition.

In this paper we discuss the need for an Information Assurance (IA) curriculum standard for college level IA programs. Existing IA standards emphasize professional training as opposed to education, and are not general enough for typical undergraduate programs. We present curriculum development efforts from colleges based on existing standards, which demonstrates the problems with these standards. We propose a process for the creation of a standardized IA curriculum that could serve as a model for college IA programs. The process for designing a standardized IA model is based on a successful curriculum design model from MIT.

Network and computer courses need dedicated laboratories for students to carry out hands-on assignments and course projects. Typically, these projects require each student to be given administrative access to an entire, isolated network of computers. The obvious approach of creating one dedicated physical network for each student is prohibitively expensive, both in terms of hardware costs, as well as the management overhead in setting up and administering these networks. We have therefore developed a platform where logically isolated virtual networks of computers can be set up very easily. The platform greatly simplifies administration of virtual networks by automating the startup and shutdown of these networks.