Archives

Experiential learning has been shown to be one of the best methods for learning, especially when combined with other forms of instruction. While much of the literature has illustrated experiential learning techniques for information assurance curriculum in general, the “Cryptography” course has not been studied in great detail with regard to experiential learning. We discuss exercises of multiple forms which demonstrate the intersection of experiential learning and cryptography.

Information Assurance and Security is a pervasive theme that must be integrated throughout the information technology curriculum. In this paper, the development of three information assurance concentration programs which is to integrate information assurance topics with existing Computer Science Curricula at Arizona State University. Observations and lessons learned from the development process, including how to arrange and schedule the series of information assurance courses, how to improve student involvement, and what kinds of textbooks are most needed in this area are presented.

This paper describes aspirations for the information system security profession and steps for advancing them. It is about what the profession would look like if the authors and their associates could have it any way they wanted it to be. It describes a strategic vision. We do not expect this vision to be realized by accident. However, we believe that it can be achieved by design and intent within a decade. We make recommendations for meeting the requirements and challenge The Colloquium to lead the education component.

The paper presents a known sequential and a new parallel/concurrent actor-oriented solution of the Dominator problem. The new parallel/concurrent actor-oriented Dominator algorithm computes sets of dominators of nodes of a given control flow graph in a parallel/concurrent actor oriented way. The new Dominator algorithm is implemented as the multi-actor system in the Easel programming language. The new Dominator algorithm and its implementation are important contributions to the theory and practice of parallel / concurrent algorithms and actor-oriented programming. Because Dominator algorithm has applications in Information Assurance and Computer Security in detecting and locating program attacks – this novel and innovative Dominator algorithm may greatly influence these disciplines.

September 11 caused America to recognize the need to secure all parts of the nation’s critical infrastructure, including information technology. In 2002, the President released the National Strategy to Secure Cyberspace, a document that provides direction for strengthening cybersecurity. A key recommendation of the National Strategy to Secure Cyberspace is to build foundations for the development of security certification programs that will be broadly accepted by the public and private sectors. The Department of Homeland Security – National Cyber Security Division (DHS-NCSD) Training and Education Program has been tasked to lead these efforts by effectively articulating the needs of the public and private sector IT security community.

Cryptography is an essential component of America’s national security infrastructure. Billions of dollars are spent on cryptosystems every year, in both the public and private sector. Unfortunately, the field is rife with dubious claims, snake oil salesmen, and outright fraud. This paper highlights the importance of skepticism and critical thinking in the role of evaluating and procuring cryptosystems. We discuss our experiences in teaching future leaders about testing extraordinary cryptographic claims by asking hard questions, and show examples from our own experience. We believe that the rigorous application of skepticism and critical thinking in cryptography are absolutely essential to the wise use of America’s resources and the security of the nation.

In 2005 the first regional competition was held in what has become known as the Collegiate Cyber Defense Competition. The following year four regional competitions were held along with the first national competition. In 2007 the national competition continued with state competitions being added to the overall plan. The National Collegiate Cyber Defense Competition is well on its way to being established as an annual event with more schools joining the event each year. This paper addresses what the next steps are for the competition if it is to continue to gain recognition among schools and to indeed be established as the single recognized collegiate cyber defense competition.

Industry has recognized that creating secure systems requires incorporating security concepts throughout the software development lifecycle. A similar effort is required in education, integrating security best practices and risk management into the curriculum. At Towson University, we are developing and implementing a model to thread security throughout our computer science curriculum. Key to our plan is the use of security checklists and scorecards. Checklists provide a quantifiable list of security criteria to aid in writing secure code and reinforce security principles. Additionally, scorecards and checklists provide a consistent means of evaluation and assessment.

Ethical hacking is the controversial practice of employing the tools and tactics of hackers to test the security precautions protecting a network. Ethical hacking is becoming an accepted business practice and a number of schools are including ethical hacking in their Information Assurance (IA) curriculum. Some educators feel that it is necessary to know how to attack a network to truly understand how to defend a network. Schools that teach ethical hacking provide instruction to students along with the hardware and software tools they need to conduct ethical hacking exploits. Schools with Information Assurance or Information Security programs need to address the ethical, legal, and practical issues surrounding teaching ethical hacking.