Membership and collaboration facilitated by Member 365.

24th Colloquium

November 4 - 5, 2020

Online Sessions

24th Colloquium - Agenda

The Colloquium for Information Systems Security Education is hosting two days of FREE online seminars this November. This will be the first of a series of remote events for members, with the initial offering open to past conference attendees and guests.

Free Registration

Member365 will facilitate registration and provide portal access to the event and proceedings.

  • Session 1

    November 4th

    Introduction & Welcome

    24th Colloquium Kick-off

    • 11:00 AM EST
    • 8:00 AM PST
    • 4:00 PM GMT

    Keynote

    Although 2020 is the Year of the Crisis, Only One is New

    • 11:15 AM EST
    • 8:15 AM PST
    • 4:15 PM GMT

    CISSE UK

    “What’s in it for me?”: Growing a Cyber Security Education Community

    • Dr. Charles Clarke
    • 11:45 AM EST
    • 8:45 AM PST
    • 4:45 PM GMT

    EC-Council

    Sponsor update

    • Wesley Alvarez
    • 12:05 PM EST
    • 9:05 AM PST
    • 5:05 PM GMT

    Paper Introduction

    Exploring Security Challenges

    • 12:10 PM EST
    • 9:10 AM PST
    • 5:10 PM GMT

    Paper Session 1

    Integration of Blockchain Concepts into Computer Science Curriculum

    • 12:15 PM EST
    • 9:15 AM PST
    • 5:15 PM GMT

    Paper Session 2

    Quantum Cryptography Exercise Schedules with Concept Dependencies

    • 12:35 PM EST
    • 9:35 AM PST
    • 5:35 PM GMT

    Paper Session 3

    Higher Education Social Engineering Attack Scenario, Awareness & Training Model

    • 12:55 PM EST
    • 9:55 AM PST
    • 5:55 PM GMT

    Paper Session 4

    Experiential Activities for Risk Management Education

    • 1:15 PM EST
    • 10:15 AM PST
    • 6:15 PM GMT

    Session I Close

    Sessions Wrap Up

    • 1:35 PM EST
    • 10:35 AM PST
    • 6:35 PM GMT
  • Session 2

    November 4th

    Session II Open

    Session Introduction

    • 3:00 PM EST
    • 12:00 PM PST
    • 8:00 PM GMT

    National Cyber League (NCL)

    Sponsor Update

    • 3:10 PM EST
    • 12:10 PM PST
    • 8:10 PM GMT

    Paper Introduction

    Focus on Student Performance

    • 3:15 PM EST
    • 12:15 PM PST
    • 8:15 PM GMT

    Paper Session 5

    Evaluating the Effectiveness of Gamification on Students’ Performance in a Cybersecurity Course

    • 3:20 PM EST
    • 12:20 PM PST
    • 8:20 PM GMT

    Paper Session 6

    Judging Competencies in Recent Cybersecurity Graduates

    • 3:40 PM EST
    • 12:40 PM PST
    • 8:40 PM GMT

    Paper Session 7

    Tempting High School Students into Cybersecurity with a Slice of Raspberry Pi

    • 4:00 PM EST
    • 1:00 PM PST
    • 9:00 PM GMT

    Paper Introduction

    Building Better Educational Programs

    • 4:20 PM EST
    • 1:20 PM PST
    • 9:20 PM GMT

    Paper Session 8

    Applied Cyber Security for Applied Software Engineering Undergraduate Program

    • 4:25 PM EST
    • 1:25 PM PST
    • 9:25 PM GMT

    Paper Session 9

    Building Capacity for Systems Thinking in Higher Education Cybersecurity Programs

    • 4:45 PM EST
    • 1:45 PM PST
    • 9:45 PM GMT

    Paper Session 10

    Enhancing Cyber Defense Preparation Through Interdisciplinary Collaboration, Training, and Incident Response

    • 5:05 PM EST
    • 2:05 PM PST
    • 10:05 PM GMT

    Session II Close

    Sessions Wrap Up

    • 5:25 PM EST
    • 2:25 PM PST
    • 10:25 PM GMT
  • Session 3

    November 5th

    Session III Open

    Session Introduction

    • 11:00 AM EST
    • 8:00 AM PST
    • 4:00 PM GMT

    Keynote

    U.S. Equities Process

    • 11:10 AM EST
    • 8:10 AM PST
    • 4:10 PM GMT

    The Colloquium

    Annual Awards

    • 11:40 AM EST
    • 8:40 AM PST
    • 4:40 PM GMT

    Jones & Bartlett Learning

    Sponsor update

    • 11:55 AM EST
    • 8:55 AM PST
    • 4:55 PM GMT

    Paper Introduction

    Vital Passwords

    • 12:00 PM EST
    • 9:00 AM PST
    • 5:00 PM GMT

    Paper Session 11

    Weak Password Policies: A Lack of Corporate Social Responsibility

    • 12:05 PM EST
    • 9:05 AM PST
    • 5:05 PM GMT

    Paper Session 12

    Do Users Correctly Identify Password Strength?

    • 12:25 PM EST
    • 9:25 AM PST
    • 5:25 PM GMT

    Paper Introduction

    Watching the Adversary

    • 12:45 PM EST
    • 9:45 AM PST
    • 5:45 PM GMT

    Paper Session 13

    An Experimental setup for Detecting SQLi Attacks using Machine Learning Algorithms

    • 12:50 PM EST
    • 9:50 AM PST
    • 5:50 PM GMT

    Paper Session 14

    Follow the Money Through Apple Pay

    • 1:10 PM EST
    • 10:10 AM PST
    • 6:10 PM GMT

    The Colloquium

    Conference Announcement

    • 1:30 PM EST
    • 10:30 AM PST
    • 6:30 PM GMT

    Conclusion

    Session Complete

    • 1:35 PM EST
    • 10:35 AM PST
    • 6:35 PM GMT

    The Colloquium

    Debrief for meeting organizers

    • 2:00 PM EST
    • 11:00 AM PST
    • 7:00 PM GMT

William "Vic" Maconachy

Chairman

The Colloquium for Information Systems Security Education

Education

Dr. Maconachy holds a PhD in education from The University of Maryland.

Certifications

Dr. Maconachy has earned several certifications, including two professionalization certifications from the NSA, and has been appointed a fellow of ISC2.

Clearance

Top Secret (while employed with the U.S. Navy and National Security Agency)

Experience

Industry

Dr. Maconachy is a co-founder and currently the Chairman of the Colloquium for Information Systems Security Education.

Academia

After retiring from federal service, Dr. Maconachy served as Vice President for Academic Affairs/Chief Academic Officer at Capitol Technology University.

Government

Dr. Maconachy served the nation at the National Security Agency, where he held positions of increasing responsibility. While there he developed the National Centers of Academic Excellence in Information Assurance Education and led the development of the first national education and training standards in what is now cybersecurity education. Prior to that he served as an education specialist for the United States Navy, developing technical training programs in the cryptology field.

Secondary Education

Dr. Maconachy taught in Prince George's County Public Schools, Maryland, and Allegany County Public Schools, Maryland.

Publications and Awards

Dr. Maconachy has over 30 publications and contributing authorships. His paper, A Model for Information Assurance: An Integrated Approach, was used as a teaching model at several U.S. military academies. His numerous awards include the Department of Defense Meritorious Service Award and the Secretary of the Navy Commendation (for actions overseas).

Kayne McGladrey

CISO; Global Cybersecurity Expert; Thought Leader

IEEE Computer Society (IEEE CS)

The modern company has an implicit social contract to protect the data entrusted to it. As a cybersecurity professional, my role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors. My consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies.

The ability to fluently speak the languages of both business and technology and effectively communicate complex concepts to non-technical audiences has not only facilitated conversation with company leadership in developing and implementing effective policies to reduce cyber threat, it has made me the go-to person for multiple media outlets and a spokesperson for IEEE’s Public Visibility Initiative.

One of my career priorities is to inspire under-represented communities to pursue careers in cybersecurity. Talent is not limited by geography or background. Because I look beyond the usual circles for talent, trust their abilities, and have an eagerness to help people succeed, I have been able to build effective teams despite the continued challenges of low unemployment in cybersecurity careers.

Wesley Alvarez

Partner Development Manager

EC-Council

Costis Toregas

Director, Scholarship for Service (SFS) Four-Year & Senior Advisor

George Washington University

Costis Toregas is the Director of the Cyber Security and Privacy Research Institute at The George Washington University, where he manages and conducts research projects in cybersecurity. His research interests include workforce development, the role of insurance in cyber risk management, and fuller use of community colleges in cybersecurity workforce strategies. He is Senior Advisor & Director, Scholarship for Service (SFS) Four-Year, to the National CyberWatch Center. He is a respected consultant to national governments and intergovernmental organizations, and a much sought-after speaker on the impact of technology in government and society. Dr. Toregas has a B.S. in Electrical Engineering and an M.S. and a Ph.D. in Environmental Systems Engineering from Cornell University.

Richard George

Senior Advisor for Cyber Security

Johns Hopkins University Applied Physics Lab

Richard M. (Dickie) George is the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab. At the Lab, he works on a number of projects sponsored by the US Government and provides oversight on additional efforts. He works with senior management at the Lab on cyber strategy for protection of critical national systems. He is also the APL representative to the I3P, a consortium of universities, national labs, and non-profit institutions dedicated to strengthening the cyber infrastructure of the United States. Prior to joining APL, he worked at the National Security Agency as a mathematician from 1970 until his retirement in 2011. While at NSA, he wrote more than 125 technical papers on cryptomathematical subjects, and served in a number of positions: analyst, and technical director at the division, office, group, and directorate level. He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement.

Integration of Blockchain Concepts into Computer Science Curriculum

Eric Sakk, Shuangbao Paul Wang

In this work, we consider the nexus between blockchain technology and computer science curriculum. While it is possible to introduce the blockchain paradigm using a single course, the depth of a single topic can often be sacrificed at the expense of covering a breadth of information. As blockchain is an emerging technology, it is important to embed various concepts throughout the undergraduate curriculum with the depth necessary to reinforce each facet. Using a just-in-time approach, we define exactly where and how blockchain topics relevant to computer science should be introduced. As a means for active learning pedagogy, we introduce a lab framework for students to gain hands-on experience. Finally, we describe collaborations with industry to provide mentorship and internship opportunities.

Quantum Cryptography Exercise Schedules with Concept Dependencies

A. Parakh, V. Bommanapally, P. Chundi, M. Subramaniam

The design of a gamified instructional paradigm requires careful identification of concepts, concept dependencies, and concept flow in order to achieve maximum student proficiency, in a subject matter, while maintaining engagement. This is especially true for difficult and counter-intuitive fields such as quantum cryptography. In this paper, we present an abstraction of concepts that are needed to learn quantum key distribution in a gamified environment. This is coupled with a powerful adaptive navigation algorithm that guides students from one exercise to the next in the game such that maximum proficiency is achieved in various concepts associated with each exercise. The student traverses through different lessons in the game achieving the lesson outcomes in an efficient manner. This represents the first of its kind abstraction of quantum cryptography concepts and a navigation algorithm for a gamified paradigm.

Higher Education Social Engineering Attack Scenario, Awareness & Training Model

Thai H. Nguyen, Sajal Bhatia

In today’s information security ecosystem, hackers and threat actors are increasingly using social engineering tactics to circumvent advanced technical security technologies. While every year there are vast leaps in technical security systems, one critical dynamic, the human psychology, still needs a dire upgrade to its operating system. The human dynamic and our innate psychological processing algorithms need a new approach to mitigate social engineering attacks. Higher education institutions are prime targets for social engineering engagement missions as they house a large, diverse population of faculty, students, alumni, and employees in their ecosystem. This diversity, paired with increasing inclusion of international individuals, only expands the existing vulnerable landscape, thereby requiring innovative methods to secure it. In this paper, the authors utilize an existing framework to develop nine specialized and publicly available social engineering attack scenarios geared toward a higher education environment. The paper also proposes preliminary models for social engineering awareness and training to combat such attacks. The effectiveness of the proposed models will be assessed by comparing pre- and post-awareness surveys as part of the future work.

Experiential Activities for Risk Management Education

Michael E. Whitman, Robert L. Chaput

A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This paper will discuss popular risk management methodologies and examine a number of tools to support the instruction of the more common methodologies by instructors without substantial cost or learning curve.

Evaluating the Effectiveness of Gamification on Students’ Performance in a Cybersecurity Course

Fikirte Demmese, Xiaohong Yuan, Darina Dicheva

The motivation of students to actively engage in course activities has significant impact on the outcome of academic courses. Prior studies have shown that innovative instructional interventions and course delivery methods have a vital role in boosting the motivation of students. Gamification tools aid course delivery by utilizing well established game design principles to enhance skill development, routine practice and self-testing. In this article, we present a study on how the use of a course gamification platform dubbed OneUp impacts the motivation of students in an online cyber security course. The study shows that more than 90% of the respondents agreed that OneUp has improved the effectiveness of the course delivery. In addition, 75% of the respondents want to use OneUp in their future courses. Furthermore, our analysis shows that OneUp has improved the median grade of students from B+ to A- compared to the same course delivered the previous year without using OneUp.

Judging Competencies in Recent Cybersecurity Graduates

Nelbert St. Clair, John Girard

This innovative research project chronicles how cybersecurity professionals and professors rate recent cybersecurity graduates in the components of Cybersecurity Competency Model. Noteworthy findings included that information technology graduates exhibit poor reading, writing, and some communication skills; there was a statistically significant difference between the two groups in their thoughts on the importance of mathematics; and there was a significant difference between the two groups pertaining to (a) planning and organization and (b) working with tools of technology.

Tempting High School Students into Cybersecurity with a Slice of Raspberry Pi

Sandra Gorka, Alicia McNett, Jacob R. Miller, Bradley M. Webb

Improving the Pipeline is an NSF grant project [1] to extend the Information Assurance and Cybersecurity pipeline into the high school environment by offering an after-school course for college credit to students. This paper discusses the use of an isolated and portable Raspberry Pi network within the course.

Applied Cyber Security for Applied Software Engineering Undergraduate Program

Yulia Cherdantseva, Phil Smart

In the current landscape, where a constantly growing number of cyber threats is accompanied by an increasing shortage of cyber security professionals, it is essential to provide well thought-out, hands-on cyber security education as a part of all Computer Science and Software Engineering degrees. This paper describes the experience of designing and delivering a Cyber Security module to Level 5 students on a three-year BSc Applied Software Engineering program. The key goal of the module is to instil the importance of cyber security in software development, and to teach modern security techniques in practice. While being predominantly focused on web-application security, the module also covers foundational cyber security concepts, cryptography and network security, and discusses non-technical topics including security frameworks and security economics. The paper presents the outline of the module, the configuration of the virtual machine used, and the structure and content of the sessions.

Building Capacity for Systems Thinking in Higher Education Cybersecurity Programs

Esther A. Enright, Connie Justice, Sin Ming Loo, Eleanor Taylor, Char Sample, D. Cragin Shelton

The decentralized nature of cybersecurity programs in higher education leads to a lack of unifying knowledge, skills, and dispositions in the cybersecurity workforce. The emphasis on teaching the latest technologies and techniques without a sufficient foundation in systems thinking could result in graduating students without the capacity to function as constructive agents operating in complex systems. Having a unifying, cohesive cybersecurity systems framework can bridge some of these gaps. In this article, we argue that cybersecurity programs and courses must contextualize their instruction on a specific topic by teaching students to situate their learning on the system level. Additionally, we suggest that active learning strategies, in particular case study analysis and concept mapping, are particularly well suited to support this type of student learning. This article presents a cohesive framework for teaching systems thinking in cybersecurity programs and courses. The framework is designed to support meaningful reform in the currently decentralized, (mostly) unregulated academic ecosystem that manages the preparation of our cybersecurity workforce.

Enhancing Cyber Defense Preparation Through Interdisciplinary Collaboration, Training, and Incident Response

Tristen K. Amador, Roberta A. Mancuso, Erik L. Moore, Steven P. Fulton, Daniel M. Likarish

To enhance the capabilities of a cyber defense collaborative, a psychometric analysis team was embedded in a collaborative incident response team. Collaborative incident response community members included the State of Colorado, the Colorado National Guard, Regis University, private companies, and others. The collaborative training developed when National Guard leadership saw the Rocky Mountain Collegiate Cyber Defense Competition held at Regis, and planning began around the potential of collaborative training. The case presented shows the progressive efforts that allowed this to move from enhancing training exercises to being embedded during live cyber defense operations. Some outcomes of the psychometric evaluation are presented here as an embedded quantitative study within the framing case analysis. The case analysis is then used to formulate a generalized model designed to support opportunities for a range of interdisciplinary collaboration in support of technical endeavors with operations security requirements as exemplified by cyber defense. The resulting model provides a framework for expanding research to other disciplines.

Weak Password Policies: A Lack of Corporate Social Responsibility

Tobi A. West

Data breaches continue to occur as weak password policies prevail on major websites, at costs reaching billions of dollars annually. Password attacks are a known cause of data breaches and abuse of user accounts. Enforcing strong password policies should be considered part of an organization’s corporate social responsibility. Major technology companies are socially obligated to go beyond internal policies to strengthen their password policies for external-facing consumer accounts to help reduce the risk of data breaches or sensitive data exposure. Strong, enforceable password policies are beneficial to reduce the risk of successful network attacks and prevent unauthorized access to sensitive data stored in online consumer accounts. This study includes a compilation of current password policies for major social media sites, online streaming services, and online retailers to demonstrate the lack of strong password requirements across multiple industries and spanning decades of corporate establishment in the online environment. Recommendations are provided for organizations to strengthen their password policies to align with NIST Special Publication 800-63-3 as part of their corporate social responsibility to provide protection for sensitive consumer data for millions of customers and online marketplace sellers.
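The abstract above argues for aligning consumer-facing password policies with NIST SP 800-63-3. The following is an added example, not code from the paper or from the Colloquium, showing what the verifier-side rules for memorized secrets in SP 800-63B section 5.1.1.2 look like when implemented, beside the composition-rule style of policy the paper criticizes. The blocklist, the username `alice` and the service name `shop` are constructed for illustration; a real verifier would screen against a large compromised-credential corpus rather than an eight-entry set.

```python
import unicodedata

# Verifier-side bounds from NIST SP 800-63B section 5.1.1.2: subscriber-chosen
# memorized secrets must be at least 8 characters, and the verifier must permit
# at least 64. Length is counted in Unicode code points after normalization.
MIN_LENGTH = 8
MAX_LENGTH = 64

# Constructed stand-in for the "commonly-used, expected, or compromised" list
# that 800-63B requires a verifier to screen against.
BLOCKLIST = {
    "password", "password1", "p@ssw0rd", "123456", "12345678",
    "qwerty123", "letmein", "iloveyou",
}


def _is_repetitive(secret: str) -> bool:
    """'aaaaaaaa' style: one character repeated for the whole secret."""
    return len(set(secret)) == 1


def _is_sequential(secret: str) -> bool:
    """'abcdefgh' / '87654321' style: every step between neighbours is +1 or every step is -1."""
    if len(secret) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(secret, secret[1:])}
    return steps == {1} or steps == {-1}


def check_password(secret: str, username: str = "", service_name: str = "") -> list:
    """Return the list of 800-63B reasons to reject `secret`; an empty list means accept.

    Deliberately applies no composition rule (mixed case, digits, symbols):
    800-63B says verifiers SHOULD NOT impose them, because they steer users
    toward predictable substitutions without adding much real entropy.
    """
    # Normalize before measuring or comparing (800-63B recommends NFKC or NFKD)
    # so visually identical Unicode strings are treated the same.
    normalized = unicodedata.normalize("NFKC", secret)
    lowered = normalized.lower()
    reasons = []

    if len(normalized) < MIN_LENGTH:
        reasons.append("too_short")
    if len(normalized) > MAX_LENGTH:
        reasons.append("too_long")
    if lowered in BLOCKLIST:
        reasons.append("blocklisted")
    if _is_repetitive(normalized):
        reasons.append("repetitive")
    if _is_sequential(normalized):
        reasons.append("sequential")
    # Context-specific words: the username and the service name (constructed
    # inputs here) must not appear inside the secret.
    for ctx in (username, service_name):
        if ctx and ctx.lower() in lowered:
            reasons.append("contains_context_word")
            break
    return reasons


def legacy_composition_check(secret: str) -> bool:
    """The kind of rule the abstract criticizes: 8+ characters with an uppercase
    letter, a digit and a symbol, and no blocklist. Returns True if accepted."""
    return (
        len(secret) >= 8
        and any(c.isupper() for c in secret)
        and any(c.isdigit() for c in secret)
        and any(not c.isalnum() and not c.isspace() for c in secret)
    )


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "correct horse battery staple", "abcdefgh"):
        print(f"{candidate!r}: legacy_accepts={legacy_composition_check(candidate)} "
              f"nist_reasons={check_password(candidate, username='alice', service_name='shop')}")
```

The contrast is the point of the paper's recommendation: the composition rule accepts `P@ssw0rd`, a blocklisted value with predictable substitutions, and rejects a long passphrase with no digit or symbol, while the 800-63B rules do the reverse.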

Do Users Correctly Identify Password Strength?

Jason M. Pittman, Nikki Robinson

Much of the security for information systems rests upon passwords. Yet, the scale of password use is producing elevated levels of cognitive burden. Existing research has investigated the effects of this cognitive burden with a focus on weak versus strong passwords. However, the literature presupposes that users can meaningfully identify such. Further, there may be ethical implications of forcing users to identify password strength when they are unable to do so. Accordingly, the purpose of this study was to measure what socioeconomic characteristics, if any, led participants to identify weak and strong password strengths in a statistically significant manner. We gathered 436 participants using Amazon’s Mechanical Turk platform and asked them to identify 50 passwords as either weak or strong. Then, we employed a Chi-square test of independence to measure the potential relationship between three socioeconomic characteristics (education, profession, technical skill) and the frequency of correct weak and strong password identification. The results show significant relationships across all variable combinations except for technical skill and strong passwords which revealed no relationship.

An Experimental setup for Detecting SQLi Attacks using Machine Learning Algorithms

Binh An Pham, Vinitha Hannah Subburaj

SQL injection attacks (SQLi attacks) have proven their danger on several website types such as social media, e-shopping, etc. In order to prevent such attacks from occurring, this research effort investigates efficient ways of detection and prevention, so that we can preserve each cyber-user’s right of privacy. This research effort is aimed at investigating and looking at different ways to protect websites from SQL injection attacks. In this research effort, machine learning algorithms were used to detect such SQLi attacks. Machine Learning (ML) algorithms are algorithms that can learn from the data provided and infer interesting results from the dataset. We used SQL code and user input as our data and ML algorithms to detect malicious code. The machine learning model developed in this research can detect such attacks from happening in future. The precision and accuracy of the machine learning algorithms in terms of predicting the SQLi attacks have been calculated and reported in this research paper.

Follow the Money Through Apple Pay

Dominicia Williams, Yen-Hung (Frank) Hu, Mary Ann Hoppa

Rapid growth in the number of mobile phones and their users has brought ecommerce applications and mobile payments to the forefront along with raising significant new cybersecurity concerns. Consumer enthusiasm for “tap-and-go” purchases must be tempered with knowledge about new risks and responsibilities that come along with these payment technologies. This paper highlights and analyzes key risks within end-to-end mobile-payment transactions through the lens of one of the most popular services: Apple Pay. Hackers are relentlessly adapting their ploys to breach these payment systems. Proactive approaches are identified to better secure vulnerabilities in smartphones, networks, communication, consumers, merchants and banks, along with practical, proactive countermeasure and action plans.


Questions about the event? Please contact:

Operations Manager
inquiry@thecolloquium.org


Last modified on Sunday, 25 October 2020 21:39

The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
